Are you facing the following constraints in your office?
- Limited Internet bandwidth
- Unrestricted Internet access
- Very small IT budget
I have already discussed OpenDNS in my earlier post. Here I briefly describe how squid can work in conjunction with OpenDNS. In the scenario described in this post, squid acts primarily as a transparent proxy and caching engine, while the major portion of content filtering is handled by OpenDNS.
The configuration procedure is as follows:
1) Install Linux
2) Configure the network service to start automatically at boot:
chkconfig --level 35 network on
3) Enable IP forwarding permanently:
echo 1 > /proc/sys/net/ipv4/ip_forward
The echo command enables forwarding only until the next reboot. To keep IP forwarding permanent, edit /etc/sysctl.conf and set net.ipv4.ip_forward = 1
4) Squid configuration
a) Install squid.
b) Check normal Internet access.
c) Now check squid from a web browser by setting the proxy to the server's IP and port 3128.
If you receive an access denied error, add an acl in /etc/squid/squid.conf
acl aclname src 10.x.x.0/24 # Your Network
http_access allow aclname
http_access deny all
d) Configuring squid as a Transparent Proxy
i) Edit /etc/squid/squid.conf and set
http_port 3128 transparent
ii) Check the access.log file located in /var/log/squid. If it shows a WARNING saying that squid cannot work in transparent mode, check whether your installed netfilter package is compatible with your running kernel. If it is not, you need to upgrade or downgrade the netfilter package, the Linux kernel, or, if required, the entire Linux distribution. Search online for more information on this.
iii) Port forwarding
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
This command redirects all port 80 (Internet) requests received on the Linux server to squid's proxy port 3128.
5) Configure the iptables service to start automatically at boot
chkconfig --level 35 iptables on
6) Configure the squid service to start automatically at boot
chkconfig --level 35 squid on
7) Now in /etc/resolv.conf set the DNS servers to the OpenDNS servers
nameserver 208.67.222.222
nameserver 208.67.220.220
Your Linux box is now completely ready to do caching (thus reducing bandwidth utilization), and that too in transparent mode. The advantage of this setup is that you can now extend the list of blocked sites from squid, since OpenDNS has a custom block list limited to only 25 sites.