Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

proxy configuration

SOLVED
Go to solution
Kenn Chen
Advisor

proxy configuration

Currently, i would like to setup a small cyber cafe for my company. I wish to install Linux as my platform and all PCs must go thru my server (also Linux) before can go to internet.
Besides, i also need to clock some phono websides. So, any recommendation for this idea and HOW to implemet it. Is squid fullfil my requirements. ??
Cyber Zen
5 REPLIES
Ralf Reinartz
Frequent Advisor
Solution

Re: proxy configuration

Chen,

For real security you'll need a little bit more than a proxy server.

For a minimum security do the following:

Install two NIC Cards to your Linux maschine.
Switch off IP-Forwarding in your Kernel Configuration.
One connected to your internet Router with your offical IP Adress.
One to your internal Network. For the Interneal Network use RFC not-routed IP adresse (192,160.xxxx.xxx, 172.20.xxx.xxx, 10.xxx.xxx.xxx).

Install Squid for http, https and FTP to the internet.
In squid.conf set the access rules that only your internel network can access the proxy.
Don't start Inetd. Nomally you don't really use it. If you need to configure the Proxy Server remotely use the secure shell (ssh).
Don't install sendmail. If you need sendmail, be carefull. It musst be configured without relaying.

For more secutrity you can set access rules with "ipchains". But thats not easy.

For more access to the internet than www and ftp you can use IP Masquerading (aka NAT).

Hope this helps a little bit

so long

Ralf
Kenn Chen
Advisor

Re: proxy configuration

I did modified the squid.conf and now the squid is started and work well. I can see the log files such as access.log and cache.log in squid directory. But, now, my purpose is to block certain website (e.g. 201.234.43.22)and i can't block the side although i already deny the IP address in squid.conf file.

Sample
======

aclname = denied_hosts src 201.234.43.22

http_access allow all
http_access deny denied_hosts

How can I block the side with squid.conf
Cyber Zen

Re: proxy configuration

You allow all first !.
You must deny first.

Sample
======

aclname = denied_hosts src 201.234.43.22

http_access deny denied_hosts
http_access allow all

Kenn Chen
Advisor

Re: proxy configuration

Hi friends ,

I do not want to block my clients PCs accessing to internet, BUT, i need to block / filter the website that they are acceessing to, example like porno websites. Is squid.conf can configure it ??
Cyber Zen

Re: proxy configuration

put on denied_hosts acl, the address you want do block !

ex:

aclname = denied_hosts src www.playboy.com , www.sex.com, 200.200.100.1

http_access deny denied_hosts
http_access allow all