General > Feature requests & roadmap
Squid3 & dansguardian transparent proxy
Govo:
Hi
Just want to post this here future reference hope LMCE team don't mind, and for any one looking for transparent proxy the below works, I have it working on Linuxmce 10.4
remember I am not responsible if your machine breaks. but again I just want some were to future reference.
I respect the fact that squid in been worked on for the new up coming releases. as per http://wiki.linuxmce.org/index.php/Squid
and well done to the dev's.
Here'ss my quick notes to get it working (some wording is taken from http://wiki.linuxmce.org/index.php/Installing_Dansguardian & http://wiki.linuxmce.org/index.php/Squid )
Thank's to these wiki pages they helped a lot
sudo apt-get install squid3
edit squid3 config
nano /etc/squid3/squid.conf
replace
http_port 3128 to http_port 3128 transparent
Find the "acl localhost src" line and insert the following line below: "acl dcerouterlocalnet src 192.168.80.0/24"
Find the following line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Under the line is one that reads "http_access allow localhost". Below this you need to insert a line allowing your local LAN; "http_access allow dcerouterlocalnet. Now save the file, and exit.
apt-get install dansguardian
nano /etc/dansguardian/dansguardian.conf
change filter port to 8081 and proxyip = 192.168.80.1
save
/etc/init.d/apache2 restart
/etc/init.d/dansguardian stop
/etc/init.d/dansguardian start
sudo /etc/init.d/squid3 restart
Edit file /usr/pluto/bin/Network_Firewall.sh from terminal
nano /usr/pluto/bin/Network_Firewall.sh OR vi /usr/pluto/bin/Network_Firewall.sh
NOTE: check ifconfig to figure out what lan card has static address eht0 or eth1 change the eth in the forward port rule to match lan card of static ip address from LMCE .ie 192.68.80.1
Add the below line in just under the heading # Set some default firewall parameters before opening ports
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8081
Then close and save and reboot the system, visit http://whatismyipaddress.com/proxy-check to check if proxy is working.
The normal firewall forwarding rule would not work even if you enable it, so my work around was to setup upon booting the core.
Install proxy graph to view the hits and page catches, follow the following link.
http://askubuntu.com/questions/12420/any-idea-how-to-use-tail-f-in-squid-to-see-logging-and-processing-on-localhost
Create cronjob under root to update chart
crontab -e
Add the following line
*/5 * * * * cd /etc/init.d/squid-graph && ./squid-graph --tcp-only -n -o=/var/www/squid-graph/ --title="Give your report a title " < /var/log/squid3/access.log
CD into /etc/init.d/squid-graph and edit the file nano squid-graph to add auto refresh to the html report for every 6 minutes
Locate the below line
print IDX "<H1>$title</H1>\n";
And add the below line under it
print IDX "<meta http-equiv=\"refresh\" content=\"360\" \n";
Marie.O:
govo,
nice work, but we already have that implemented in LinuxMCE. Check with Alblasco1702. Might be, that it is in 1204ff available only.
Govo:
Hi posde
Thanks for the reply, but I can confirm its not in 10,4, however when I ran update to upgrade firefox, I do see these options in the lmce-admin for a proxy and web filter but when you click them, you get the below error.
{ScriptTRColor}
Not a valid section
I guessing these are for the release of 12.4
.
Cheers
Gov
Marie.O:
phenigma just confirmed to me that Albalasco seems to have completed the stuff, but it isn't in the repo yet. And he is currently AWOL
Govo:
Brilliant, thanks for the reply.
Navigation
[0] Message Index
[#] Next page
Go to full version