Linux help - DFWstangs Forums
 
post #1 of 9 (permalink) Old 01-07-2008, 01:52 PM Thread Starter
 
Join Date: Jun 2002
Posts: 96
Linux help

I'm seriously having a difficult time finding someone that knows their shit about Linux, are there any takers? I have a Squid box that I'm trying to configure through Webmin, and the little bastage is giving me a headache with ACL among other things.


PM me and we can talk details. I'm wanting this done ASAP
RedDevil is offline  
post #2 of 9 (permalink) Old 01-07-2008, 02:49 PM
Lifer
 
Join Date: Mar 2000
Location: McKinney
Posts: 2,091

Quote:
Originally Posted by RedDevil
I'm seriously having a difficult time finding someone that knows their shit about Linux, are there any takers? I have a Squid box that I'm trying to configure through Webmin, and the little bastage is giving me a headache with ACL among other things.


PM me and we can talk details. I'm wanting this done ASAP
Squid != Linux and Linux != Squid.

Now that is out of the way, what all are you having issues with? What version of squid? Do you know what you're trying to accomplish? I've never used the Webmin plugin for squid, but have created squid configs from scratch. Why not post the issues here, so that more people can learn?

Chambers
chambers is offline  
post #3 of 9 (permalink) Old 01-07-2008, 03:22 PM Thread Starter
 
Join Date: Jun 2002
Posts: 96
Easiest way for a !linux person to describe what I have setup is:

I have a box with CentOS 5 loaded. I then in turn have Webmin installed for a more Windows-based experience. I've installed Squid 2.6, and have it configured to act as the gateway for my network. What I'm trying to accomplish is to filter the websites employees are browsing to. I'm sick of them surfing Myspace all day, the problem I'm running into is the ACLs; I've tried to configure a few simple ACLs and have zero luck with them actively blocking websites (i.e. Myspace).
RedDevil is offline  
 
post #4 of 9 (permalink) Old 01-07-2008, 04:11 PM
Lifer
 
Join Date: Mar 2000
Location: McKinney
Posts: 2,091
Quote:
Originally Posted by RedDevil
Easiest way for a !linux person to describe what I have setup is:

I have a box with CentOS 5 loaded. I then in turn have Webmin installed for a more Windows-based experience. I've installed Squid 2.6, and have it configured to act as the gateway for my network. What I'm trying to accomplish is to filter the websites employees are browsing to. I'm sick of them surfing Myspace all day, the problem I'm running into is the ACLs; I've tried to configure a few simple ACLs and have zero luck with them actively blocking websites (i.e. Myspace).
Do you have the clients set up to use the squid proxy, or are you attempting to do transparent proxying? The reason I ask is to see if you have an issue with your iptables setup, or with your squid setup.

Restated:
1) Have the Linux box setup with iptables, as a default route on the network, so that all external network traffic flows through it. The iptables setup redirects connections to port 80 (HTTP) to your squid proxy running on the same box. The squid proxy then uses the ACLs to allow/disallow access to websites.

2) You have each client setup to use the squid proxy as a Proxy. Requires configuring the browser for the squid proxy. NAT is disabled for the network, so the default route won't allow the clients to connect out to the internet directly. Without the proxy definition, no access to the internet is allowed.

With #1, you'll need to make sure that packets are hitting the squid proxy, and that your iptables entries are working the way you think they are. Next, you'll need to make sure that your ACLs are working in squid the way you think they are.

For #2, it's fairly easy to point to squid and the ACL configuration.


So with that, I'll post up an example squid configuration that should do what you want.

Chambers
chambers is offline  
post #5 of 9 (permalink) Old 01-07-2008, 04:41 PM
El Camino
 
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Have you also looked at dansguardian? It's an open source content filtering plugin for squid. I may implement it here at home to moderate what 3 little boys can see.

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #6 of 9 (permalink) Old 01-07-2008, 08:39 PM
2girls1cup
 
 
Join Date: May 2002
Location: Breaking up happy homes!
Posts: 3,381
Quote:
Originally Posted by RedDevil
Easiest way for a !linux person to describe what I have setup is:

I have a box with CentOS 5 loaded. I then in turn have Webmin installed for a more Windows-based experience. I've installed Squid 2.6, and have it configured to act as the gateway for my network. What I'm trying to accomplish is to filter the websites employees are browsing to. I'm sick of them surfing Myspace all day, the problem I'm running into is the ACLs; I've tried to configure a few simple ACLs and have zero luck with them actively blocking websites (i.e. Myspace).

I hate Linux. Edit the hosts file for a cheap solution. If interested, I have a huge ass hosts file someone gave me that has all the latest porn sites, proxy sites, and networking sites.
Blue5spd is offline  
post #7 of 9 (permalink) Old 01-08-2008, 10:11 AM
Lifer
 
 
Join Date: Jul 2003
Posts: 1,063
Quote:
Originally Posted by RedDevil
Easiest way for a !linux person to describe what I have setup is:

I have a box with CentOS 5 loaded. I then in turn have Webmin installed for a more Windows-based experience. I've installed Squid 2.6, and have it configured to act as the gateway for my network. What I'm trying to accomplish is to filter the websites employees are browsing to. I'm sick of them surfing Myspace all day, the problem I'm running into is the ACLs; I've tried to configure a few simple ACLs and have zero luck with them actively blocking websites (i.e. Myspace).
Best thing to do is create a new policy and send it out as a memo, something to the effect of: All use of internet activity is to be job related, any non-job related internet use will be considered a security breach and terrorist activity. All terrorist activity will be dealt with slugs from my AR-15.

Next go create a script to scan your firewall log file for your sites that you don't approve of. When you see one trace the IP down to the computer. Now go put your Ghillie suit on and paint your face with camo and grab your AR-15. Belly crawl your way down to the terrorist's cubicle and jump up shouting "you fucking Ah-La-La!" and spray them with lead. Now disappear back into the shadows of the coffee machine/cubicle/printer farms/whatever and go back to scanning your log file.
HiTechRedneck is offline  
post #8 of 9 (permalink) Old 01-08-2008, 06:36 PM
Lifer
 
Join Date: Mar 2000
Location: McKinney
Posts: 2,091
Here's an example config to block myspace:

Code:
acl MySpace dstdom_regex myspace
http_access deny MySpace
http_access allow all
But you might want to look into a more complete solution, such as SquidGuard. This will allow you to block lots of different things using blacklists. There are links to several sites that aggregate the lists for you.

Or, as mentioned, you can block the DNS resolving by using OpenDNS. They allow you to setup your network so that it will no longer resolve domains that you choose. It's quite spiff, and has a nice web interface for ya.

Chambers
chambers is offline  
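Added example (not part of any post in this thread): Squid checks `http_access` lines top to bottom and the first line whose ACLs all match decides the request, so the same two rules block or fail to block depending on their order. This Python sketch models that evaluation for the `dstdom_regex` config above; the config fragments, hostnames and function names are constructed for illustration, and the `acl all` line is assumed to be the stock definition from a Squid 2.6 default config.

```python
import re

# Constructed squid.conf fragments: identical ACLs, different http_access order.
ALLOW_FIRST = """
acl all src 0.0.0.0/0.0.0.0
acl MySpace dstdom_regex myspace
http_access allow all
http_access deny MySpace
"""
DENY_FIRST = """
acl all src 0.0.0.0/0.0.0.0
acl MySpace dstdom_regex myspace
http_access deny MySpace
http_access allow all
"""

def parse(conf):
    """Collect acl definitions and http_access rules, in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, host):
    kind, values = acls[name]
    if kind == "src":           # simplification: only the catch-all "all" is modelled
        return True
    if kind == "dstdom_regex":  # unanchored regex search over the destination hostname
        return any(re.search(v, host) for v in values)
    raise ValueError(f"ACL type not modelled: {kind}")

def decide(conf, host):
    """Return (action, deciding rule); the first fully matching line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(acls, n.lstrip("!"), host) != n.startswith("!") for n in names):
            return action, " ".join(names)
    if not rules:
        return "deny", "(no http_access lines)"
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"

if __name__ == "__main__":
    for label, conf in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        for host in ("www.myspace.com", "www.example.org", "notmyspace.example.net"):
            print(f"{label:11} {host:24} -> {decide(conf, host)}")
```

The third hostname shows that the unanchored pattern `myspace` also denies any unrelated host whose name merely contains that string.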
post #9 of 9 (permalink) Old 01-09-2008, 07:38 AM Thread Starter
 
Join Date: Jun 2002
Posts: 96
Quote:
Originally Posted by HiTechRedneck
Best thing to do is create a new policy and send it out as a memo, something to the effect of: All use of internet activity is to be job related, any non-job related internet use will be considered a security breach and terrorist activity. All terrorist activity will be dealt with slugs from my AR-15.

Next go create a script to scan your firewall log file for your sites that you don't approve of. When you see one trace the IP down to the computer. Now go put your Ghillie suit on and paint your face with camo and grab your AR-15. Belly crawl your way down to the terrorist's cubicle and jump up shouting "you fucking Ah-La-La!" and spray them with lead. Now disappear back into the shadows of the coffee machine/cubicle/printer farms/whatever and go back to scanning your log file.


Shit, what do I do if I forgot the camo?
RedDevil is offline  