HPE Community
Operating System - Linux
1752557 Members
4446 Online
108788 Solutions
New Discussion юеВ

proxy configuration

 
SOLVED
Go to solution
Kenn Chen
Advisor

тАО12-06-2000 05:20 PM

тАО12-06-2000 05:20 PM

proxy configuration

Currently, i would like to setup a small cyber cafe for my company. I wish to install Linux as my platform and all PCs must go thru my server (also Linux) before can go to internet.
Besides, i also need to clock some phono websides. So, any recommendation for this idea and HOW to implemet it. Is squid fullfil my requirements. ??
Cyber Zen
0 Kudos
Reply
5 REPLIES 5
Ralf Reinartz
Frequent Advisor

тАО12-07-2000 12:58 AM

тАО12-07-2000 12:58 AM

Solution

Re: proxy configuration

Chen,

For real security you'll need a little bit more than a proxy server.

For a minimum security do the following:

Install two NIC Cards to your Linux maschine.
Switch off IP-Forwarding in your Kernel Configuration.
One connected to your internet Router with your offical IP Adress.
One to your internal Network. For the Interneal Network use RFC not-routed IP adresse (192,160.xxxx.xxx, 172.20.xxx.xxx, 10.xxx.xxx.xxx).

Install Squid for http, https and FTP to the internet.
In squid.conf set the access rules that only your internel network can access the proxy.
Don't start Inetd. Nomally you don't really use it. If you need to configure the Proxy Server remotely use the secure shell (ssh).
Don't install sendmail. If you need sendmail, be carefull. It musst be configured without relaying.

For more secutrity you can set access rules with "ipchains". But thats not easy.

For more access to the internet than www and ftp you can use IP Masquerading (aka NAT).

Hope this helps a little bit

so long

Ralf
Reply
Kenn Chen
Advisor

тАО12-07-2000 01:13 AM

тАО12-07-2000 01:13 AM

Re: proxy configuration

I did modified the squid.conf and now the squid is started and work well. I can see the log files such as access.log and cache.log in squid directory. But, now, my purpose is to block certain website (e.g. 201.234.43.22)and i can't block the side although i already deny the IP address in squid.conf file.

Sample
======

aclname = denied_hosts src 201.234.43.22

http_access allow all
http_access deny denied_hosts

How can I block the side with squid.conf
Cyber Zen
0 Kudos
Reply
Luiz Fernando de Andrad
Advisor

тАО12-07-2000 02:16 AM

тАО12-07-2000 02:16 AM

Re: proxy configuration

You allow all first !.
You must deny first.

Sample
======

aclname = denied_hosts src 201.234.43.22

http_access deny denied_hosts
http_access allow all

0 Kudos
Reply
Kenn Chen
Advisor

тАО12-07-2000 05:50 PM

тАО12-07-2000 05:50 PM

Re: proxy configuration

Hi friends ,

I do not want to block my clients PCs accessing to internet, BUT, i need to block / filter the website that they are acceessing to, example like porno websites. Is squid.conf can configure it ??
Cyber Zen
0 Kudos
Reply
Luiz Fernando de Andrad
Advisor

тАО12-18-2000 03:27 AM

тАО12-18-2000 03:27 AM

Re: proxy configuration

put on denied_hosts acl, the address you want do block !

ex:

aclname = denied_hosts src www.playboy.com , www.sex.com, 200.200.100.1

http_access deny denied_hosts
http_access allow all

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.