Author Topic: Squid3 & dansguardian transparent proxy  (Read 9276 times)

Govo

  • Guru
  • ****
  • Posts: 204
    • View Profile
Squid3 & dansguardian transparent proxy
« on: May 06, 2015, 02:13:35 am »
Hi
Just want to post this here future reference hope LMCE team don't mind, and for any one looking for transparent proxy the below works, I have it working on Linuxmce 10.4

remember I  am not responsible  if your machine breaks. but again I just want some were to future reference.

I respect the fact that squid in been worked on for the new up coming releases. as per http://wiki.linuxmce.org/index.php/Squid
and well done to the dev's.

Here'ss my quick notes to get it working  (some wording is taken from http://wiki.linuxmce.org/index.php/Installing_Dansguardian & http://wiki.linuxmce.org/index.php/Squid  )

Thank's to these wiki pages they helped a lot

sudo apt-get install squid3
edit squid3 config 
nano /etc/squid3/squid.conf
replace 
http_port 3128 to http_port 3128 transparent
Find the "acl localhost src" line and insert the following line below: "acl dcerouterlocalnet src 192.168.80.0/24"
Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Under the line is one that reads "http_access allow localhost". Below this you need to insert a line allowing your local LAN; "http_access allow dcerouterlocalnet. Now save the file, and exit.


apt-get install dansguardian
nano /etc/dansguardian/dansguardian.conf
change filter port to  8081 and proxyip = 192.168.80.1
save

/etc/init.d/apache2 restart
/etc/init.d/dansguardian stop
/etc/init.d/dansguardian start
sudo /etc/init.d/squid3 restart

Edit file /usr/pluto/bin/Network_Firewall.sh from terminal

nano /usr/pluto/bin/Network_Firewall.sh OR  vi /usr/pluto/bin/Network_Firewall.sh


NOTE: check ifconfig to figure out what lan card has static address  eht0 or eth1  change the eth in the forward port rule to match lan card of static ip address from LMCE .ie 192.68.80.1

Add the below line  in just under the heading # Set some default firewall parameters before opening ports

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8081

Then close and save  and reboot the system, visit  http://whatismyipaddress.com/proxy-check to check if proxy is working.


The normal firewall forwarding rule would not work even if  you enable it, so my work around was to setup upon booting the core.


Install proxy graph to view the hits and page catches, follow the following link.

http://askubuntu.com/questions/12420/any-idea-how-to-use-tail-f-in-squid-to-see-logging-and-processing-on-localhost

Create cronjob under root  to update chart 

crontab -e

Add the following line

*/5 * * * * cd /etc/init.d/squid-graph && ./squid-graph --tcp-only -n -o=/var/www/squid-graph/ --title="Give your report a title " < /var/log/squid3/access.log


CD into /etc/init.d/squid-graph and edit the file  nano squid-graph to add auto refresh to the html report for every 6 minutes

Locate the below line
print IDX "<H1>$title</H1>\n";

And add the below line under it

print IDX "<meta http-equiv=\"refresh\" content=\"360\" \n";

« Last Edit: May 28, 2015, 10:51:09 pm by Govo »

Marie.O

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3675
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Squid3 & dansguardian transparent proxy
« Reply #1 on: May 06, 2015, 10:47:29 am »
govo,

nice work, but we already have that implemented in LinuxMCE. Check with Alblasco1702. Might be, that it is in 1204ff available only.

Govo

  • Guru
  • ****
  • Posts: 204
    • View Profile
Re: Squid3 & dansguardian transparent proxy
« Reply #2 on: May 07, 2015, 11:35:48 pm »
Hi posde

Thanks for the reply, but I can confirm its not in 10,4, however when I ran update to upgrade firefox, I do see these options in the lmce-admin for a proxy  and web filter but  when you  click them, you get the below error.

{ScriptTRColor}
 
Not a valid section

I guessing these are for the release of 12.4
.


Cheers
Gov


Marie.O

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3675
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Squid3 & dansguardian transparent proxy
« Reply #3 on: May 08, 2015, 10:20:42 am »
phenigma just confirmed to me that Albalasco seems to have completed the stuff, but it isn't in the repo yet. And he is currently AWOL

Govo

  • Guru
  • ****
  • Posts: 204
    • View Profile
Re: Squid3 & dansguardian transparent proxy
« Reply #4 on: May 08, 2015, 06:32:07 pm »
Brilliant, thanks for the reply.

phenigma

  • LinuxMCE God
  • ****
  • Posts: 1758
    • View Profile
Re: Squid3 & dansguardian transparent proxy
« Reply #5 on: May 10, 2015, 01:04:15 am »
:(  I'm hoping we can get this all resolved soon.  However we won't be adding it to the 1004 release specifically (if we can get it perfect in 1204 you might twist my arm but the chances are slim).  Govo thank you for the info to get it working in 1004 now!  :D

-Jason

Govo

  • Guru
  • ****
  • Posts: 204
    • View Profile
Re: Squid3 & dansguardian transparent proxy
« Reply #6 on: May 15, 2015, 08:55:59 pm »
No problem at all.