I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.
View 1 Replies
I've been pulling my hair out and can't figure out what's wrong. I have dhcp, squid, and dansguardian all running on my server, but when I point a client to it for a proxy (192.168.1.15:8080) and try to get to a website, nothing happens and the connection times out. When I don't bother with the proxy, the client has no trouble getting to the internet. I've verified I can ping the server and gateway from both machines. And the services are running, no errors noted in the logs. Do I need to do any iptables or selinux changes?
My network is very basic, several clients on the same network as the server, connected to a verizon gateway. Local addresses are 192.168.1.x. The server is 192.168.1.15, gateway is 192.168.1.1.
I'm using:
* squid-7:3.1.8-1.fc12 (x86_64)
* dansguardian-2.10.1.1-3.fc12.x86_64
* Fedora 12
My squid config file:
Quote:
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
[code]....
I have squid running perfectly and I added MySQL Squid Access Report 2.1.4 and the reports works just fine. The problem its when I add a dansguardian content filter, from that moment the only IP address that appears on the report its the box itself (I have all running on the same box).
IPtables forward requests to port 8080 Dansguardian listening on port 8080 forwards to squid on port 3128 Squid on port 3128 to internet (Here I review the logs with MySar).
I know it is because the actual http request for Squid came from Dansguardian's IP address (its the job of the proxy). how to have the real IP address on the reports.
can anyone give me the solution how to configure dansguardian on squid transparent proxy.i m using
linux - slackware
squid - squid-2.6-stable18
dansguardian - 2.10.1.1
squid transparent proxy is working properly.
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
I have to set up a box which can manage all the logins in our company and has the feature to manage every possible permission with as much comfort as possible. We are using Linux and AIX therefore my Boss is willing to switch from our Windows DC to a Linux DC. And here lies the problem, I don't really know what is needed to set the Box up to manage the Unix, Samba and LDAP accounts with one tool maybe?
I would like to know which Software exactly is needed and how to manage to get the thing to work together with a security aspect. I configured a Samba DC with LDAP, Kerberos and TLS but it looks like I overdid it because Kerberos is not able to manage the things we need in a manner that the other Admins in my Company would get things done in a short time.
Therefore I would like to get listed all the Software needed and maybe some How Tos how to get thing working, because I am losing my nerves on this matter.
In the last 3 weeks I have set up several test boxes but every time something doesn't work. My biggest Problem is to get Samba and LDAP to work together with TLS or another security scenario.
I have installed dansguardian and squid on my home computer and I need to configure them. the only problem I couldn't find any manual only one for opensuse 9. And even there the part after "acl CONNECT method CONNECT" doesn't make any sense to me.
View 1 Replies View RelatedI have installed squid and dansguardian on my server, I also setup my iptables to forward port 80 communication to port 3128 (squid). I also have remove the comment on /etc/dansguardian/dansguardianf1.conf (line "bannedextensionlist") hoping that my server would block download. But it isn't, it still download file no matter I add in /etc/dansguardian/lists/bannedextensionlist. Oh yeah, I also add this line to my /etc/squid/squid.conf
Code:
cache_peer 172.16.1.212 parent 8080 0 no-query default
so that squid will consider dansguardian as it's parent.
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
I am trying to learn DansGuardian for content filtering, but for some reasons it is NOT working for me. equest is directly getting routed to SQUID, it should come first to DansGuardian and then to SQUID.I have created the below scenario on CENTOS 5.5 boxes.
Code:
192.168.0.10box1.test.comYUM/HTTP SERVER
192.168.0.20box2.test.comYUM/HTTP CLIENT, SQUID SERVER
[code]....
I have a proxy server (squid-3) that I would like to setup Dansguardian to do additional web filtering.
The system:
Ubuntu 10.10 - all updates as of today
Dansguardian - 2.10.1.1-2ubuntu0.1 (latest update)
Squid3 - latest update (not squid 2.7)
Webmin - 1.530 (all updates)
Webmin dansguardian module - 0.7.1
Ok - I have all of the above installed. When I go to the DG module page in Webmin, I get the following:
Warning - the version of DansGuardian you have is not supported by this Webmin module version
Webmin Module Version 0.7.1 supports DG version 2.10 (& 2.9)
Currently installed DG version
This obviously makes no sense, since I am running DG version 2.10.1...
PS. I have squid installed, but not configured (still tinkering) - could this be the problem? That squid needs to be running for DG to work?
I want to block yahoo mail chat in dansguardian. I had google few thing I come to know that I need to do this. Locking DNS lookups to webcs.msg.yahoo and httpcs.msg.yahoo by returning 127.0.0.1. I haven't have dns configured. So what I need to do solve this problem. I had tried by making an entry in etc hosts file. but it didn't worked.
View 3 Replies View RelatedI have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on group bases, what should I do. What configuration i have to do in squid for dansguardian and all my users in AD also authenticate with dansguardian and also how I use dansguardian.
View 1 Replies View RelatedI have Squid and Dans set up on a passthrough box with 2 nics, port 80 requestsEverything is working great. I need to know if there is a way to set up Dansguardian so that a user can enter a password on a blocked page to access it.
View 3 Replies View Relatedinstalled dansguardian and now working fine.I got a small problem. People bypassing proxy settings in firefox, means they go to settings and changes proxy settings to no proxy.. how to prevent this? How can I force people to use proxy to connect Internet? I done some googling but, unable to find a solution.
View 3 Replies View Relatedis this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
How to set download limit using SQUID? I want to specify the download limit for a particular list in MB. Is it possible to limit bandwith for some group of machines in network?
View 1 Replies View RelatedI want to set up a centralized log server, and I have several requisites:
1. The ability to view multiple log files via a web interface or browser.
2. The server's ability to send e-mails to the administrators when a critical condition occurs within the log files.
The logcheck application seems like a good start. However, it does not have a web gui so I was wondering if anyone can recommend a program that either works with logcheck or has the above two requisites on its own.
How to set download limit using SQUID? I want to specify the download limit for a particular list in MB. Is it possible to limit bandwith for some group of machines in network?
- we have a bunch of linux servers.
- lots of users work with linux Desktops. They use them as testing servers.
- All the infrastructure has the Authentication services linked by Quest Auth Services againts an AD. This gives us the option of logon scripts, startup scripts, and other things.
- One interesting option this Quest thing gives us is SUDO management. We can edit sudoers file by GPO politics.
- Now we are deploying a NAS server from Hitachi with cifs and NFS mapping capabilities.
- Servers are managed by IT, so nobody can go root except us.
- Desktop users will also mount the NFS shares so they will be able to work with real data and read their own data from servers.
- Desktop users can go sudo su.
- If desktop users go from root to another user, the NFS let them work as they where the other user.
I would like to keep them from swithching users, but only between AD users, they must be able to switch to apache user or postgres user.
i want to run a homeserver here for centralized data storage and more...features required:
client compatibility with most Linux distributions, MS Windows 2000, XP, Vista, 7, XBOX!
harddisk shutdown if not in use (got some real noisy ones)
easy administration?! (maybe web-based?)
security! no files or folders over the internet (yet)
[code]....
I have setup openldap and samba for authenticating Windows and Linux clients on my server. They are working fine. Windows users are getting authenticated through server as Primary Domain Controller and Linux clients directly from Openldap directory. But I have little problem that is I want to mount home folders created on server to be available on clients so clients get a centralized storage with some quota on both Linux and Windows clients. Can you help me please how can I do that.
View 3 Replies View Relatedlinux i have configured squid with dansguardian but not able to block the sites and url.. i am accessing dansgaurdian through webmin.. please help me out in the above (with screen shots)
View 2 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedThere is this server running squid and dansguardian as proxy for the local network. Everything is working fine. But I have seen that from time to time the danguardian dies out and fails to respond to shutdown or restart commands. And this is because of the binary located at /usr/local/sbin named dansguardian goes empty. There are multiple instances and hence copying another named dansguardian.2 to dansguardian does it. And dansguardian works normally as it should. Looked into dmesg and /var/log/messages but nothing there. It was compiled and not installed from pre compiled binaries. And runs on CentOS5.4 Final.
View 3 Replies View RelatedI'm having some problems allowing websites with the word essex in the domain name. I've been running dansguardan for some time now and have managed to make rules to allow and disallow sites, but I've now hit a brick wall on the latest request from staff here. which config file i need to edit.I've tried adding *essex*.* to the exceptionsitelist, but these sites are still blocked. Example sites are [URL]
View 1 Replies View RelatedI'm new to networks and servers, been using Linux on the desktop for a while now but always relied on the company's IT guy for setting up everyting LAN-based.
Now I want to build up my home LAN, and want to do it with Linux. I've managed to set up LAMP and file share servers.
What I am looking for is information on what I need, and how to set up a server for the following tasks:Centralized Username and Password, that when the user logs into any one of the desktops in the LAN, it uses this for authentication
Something that allows this authentication to be utilized in other servers (file access, web access, router logging, etc.). Something to make it easier for continuing permissions from one service to another. e.g. I have IPCop filtering content, and it has provisions for tracking who is making which request if there is authentication going on. (optionally) to run a script for mounting Samba shares or mapped network drives so from one system to the next. For example, in whatever box somebody logs in, it mounts a server share ("smb://Myserver/users/<username>") to a local folder ("my_user_share").
So;user "fred" ="smb://Myserver/users/fred" and user "wilma" = "smb://Myserver/users/wilma" but both would find their respective one mounted under "~/my_user_share". This would be irrespective of which box they are loggin in with. If the server share location changes (new server/servername), I change it on the server so the next time they log in it points to the right place.
I guess it is similar to Window's Active Directory, though I'm not sure what it's called, how to configure it and what it is and is not capable of doing.
Many software available for patch managment like OCSinventry, cfengine,puppet,redhat satellite server for linux. I want to perform patch management for my Linux server (centOS, debian) My question is how to find out which patches available for Linux and which patches i need to apply. Is there any way to find out require patches?
View 6 Replies View RelatedHere is my query:
Squid document says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP object are requested.
We call Squid HTTP and FTP caching proxy server. Does it also caches FTP contents? Is it possible to configure FTP clients to use Squid cache? When we make an FTP request to an FTP site via Squid will it be bypassed?
