Advanced Proxy Server
1- We assign the IP address and DNS for the Squid machine
2- Then enter the gateway from the ISP
3- This is the IP address that we assign to the Squid proxy machine
4- Install Squid with YaST
5- After that we configure the file squid.conf
6- First we configure the port that clients are allowed to use for the proxy
7- After that we set the size of the memory cache in RAM
8- Then enable the cache store at this path by deleting the # and setting the numbers according to your needs
9- Now we create an access list like below
10- After that we apply a rule to the ACL that we created
11- Then restart the Squid service
12- And use the command below to update the cache
13- A client that uses Squid can ping only the interface it is connected to
14- After that, configure the Squid port that clients are allowed to use in the client web browser
15- Then the client can access the Internet through the proxy
16- Now, to deny a client access to the Internet, we apply a rule to the ACL like below
17- After that, restart the Squid service again; when the client accesses the Internet it shows like this
18- Now, to block our clients from using http://www.yahoo.com, we create a rule like this in the access list
19- After that we apply the rule to the ACL that we created, to block the yahoo website for clients
20- Now when we access the website yahoo.com it shows like this
21- Now, to block clients from downloading .exe files through the proxy, we create one access list and then apply a rule to it like below
22- Now the client downloads a file ( .exe ) from the Internet like below
23- After clicking on the .exe file download, the web page shows this
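A squid.conf fragment for steps 6 to 21, added here as an example; it is not the configuration from the original slides, whose screenshots are not reproduced. The port, cache size, cache path and the ACL names block_yahoo and block_exe are assumptions; the clients ACL and the address 10.1.1.2 appear later on this page.

```conf
# Added example, not the original author's file.

# Step 6: port that clients point their browser at (assumed: Squid's default)
http_port 3128

# Step 7: size of the in-RAM object cache (assumed value)
cache_mem 256 MB

# Step 8: on-disk cache, uncommented; 100 MB, 16 first-level and
# 256 second-level directories (assumed path and sizes)
cache_dir ufs /var/cache/squid 100 16 256

# Steps 9, 18 and 21: ACL definitions
acl clients src 10.1.1.2
# Leading dot matches yahoo.com and every subdomain
acl block_yahoo dstdomain .yahoo.com
# Case-insensitive; the optional group also catches file.exe?token=...
acl block_exe urlpath_regex -i \.exe(\?.*)?$

# Steps 10, 19 and 21: http_access lines are read top to bottom and the
# first match decides, so the deny rules must sit above the allow rule.
http_access deny block_yahoo
http_access deny block_exe
http_access allow clients
# Step 16: to cut the client off completely, replace the allow line with
#   http_access deny clients
# Anything that matched nothing above is refused
http_access deny all
```

For HTTPS the proxy only sees the host name in the CONNECT request, so block_yahoo still applies but block_exe does not. Running `squid -k parse` before the restart in step 11 reports syntax errors in the file.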
24- Installing SquidGuard requires the dependencies below
25- Then install the dependencies with YaST like below
26- Then we install SquidGuard again and it succeeds like below
27- Then we disable this line under Security in Squid so that the rule applies to clients
28- Then we run vi /etc/squidguard.conf and write content like below
29- Then we change the owner of the directory to user squid like below
30- Then we edit the file squid.conf and write the line below to let Squid use SquidGuard
31- Then we use the command squidGuard -C all to create the database files (.db)
32- It creates the *.db files automatically like below; change their owner to squid as shown below this
33- Now we take this website from the blacklist and access it from the client web browser
34- Accessing a website from the blacklist redirects automatically to timetables.cist.lan like below
35- Now we extract the shallalist archive to the path below
36- After extracting, we see all the files by type in the folder BL
37- Then we add lines to the file SquidGuard.conf like below
38- Then we use the command squidGuard -C all to create the files domains.db & urls.db
39- Now we change the owner of the .db files to user squid with chown
40- Then Google Talk cannot log in, like below
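A squidguard.conf for steps 28 to 38, added here as an example and not taken from the original slides. The dbhome and logdir paths, the destination names and the choice of the Shalla chat category are assumptions; the BL folder and the redirect target timetables.cist.lan are from the steps above.

```conf
# /etc/squidguard.conf - added example, not the original author's file.
# squid.conf side (step 30), assumed binary path:
#   url_rewrite_program /usr/sbin/squidGuard -c /etc/squidguard.conf
# (Squid 2.5 and older name this directive redirect_program.)

# Assumed database root; the Shalla archive is extracted here as BL/
dbhome /var/lib/squidGuard/db
# Assumed log directory
logdir /var/log/squidGuard

# Step 28: local blacklist (hypothetical destination name)
dest blacklist {
    domainlist blacklist/domains
    urllist    blacklist/urls
}

# Step 37: one category from the extracted BL folder
dest chat {
    domainlist BL/chat/domains
    urllist    BL/chat/urls
}

acl {
    default {
        # "!" refuses a destination; everything else passes
        pass !blacklist !chat all
        # Step 34: refused requests are sent here
        redirect http://timetables.cist.lan/
    }
}
```

If the squid user cannot read the .db files that squidGuard -C all builds, squidGuard goes into emergency mode and passes every request, which is why steps 32 and 39 change their owner.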
41- To limit the download speed for a client IP address through our Squid proxy, add the lines below to the file squid.conf
42- Then when we download we can see the speed in DU Meter, or watch the progress of a file download from a website that links to the package
    delay_pools 1
    delay_class 1 1
    delay_parameters 1 1024/2048
    delay_access 1 allow LAN_10_2
Authenticating users from Active Directory
1- The local DNS must work properly for name resolution, like below
2- Set the gateway of the local DNS to the IP address of the proxy server interface that is connected to the local DNS
    echo 1 > /proc/sys/net/ipv4/ip_forward
    0- iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
    1- Join the domain from the proxy
    2- List users and groups: wbinfo -u , wbinfo -g
    3- In squid.conf:
       auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
       auth_param basic children 5
       auth_param basic realm savy.happy.net
       auth_param basic credentialsttl 2 hours
       auth_param basic casesensitive off
    4- Create the ACLs ( acl clients src 10.1.1.2 , acl auth proxy_auth REQUIRED )
    5- http_access allow clients auth
    6- The local DNS must forward to the public DNS by name & IP address
    7- The gateway of the local DNS is the proxy IP that is connected to the DNS
3- Then under Forwarders we add the name of the public DNS and then its IP address
4- Then edit the file /etc/resolv.conf and put the name and IP address of the local DNS like this, not the public DNS
5- On the proxy server, using YaST, we enter the name and IP address of our local DNS
6- Use an iptables script to allow the local DNS to use the public DNS, and the echo command to allow the different LANs to ping each other
7- In YaST: Network Services -> Windows Domain Membership -> enter the domain name that we want to join -> OK
8- The domain join must be successful; packages can be installed until the join finishes
9- Then we can list users & groups in AD with the command below
10- In the file /etc/squid/squid.conf at line 297 we add all these lines
11- In the file squid.conf we create ACLs like this, with an ACL & auth
    auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic realm savy.happy.com
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
12- Then we apply the rule to the ACL that we created, in http_access
13- After that, when the client opens a web browser and connects to the Internet through the proxy server, it must authenticate with a user name & password like below; with a user from AD, the client enters the user name and password and can access the Internet
14- After entering the user name & password, the client can access the Internet like below, authenticated as a user from Active Directory
Install and configure mysar
1- Install the mysql & apache2 services with YaST
2- Now we extract mysar to the directory /srv/www/htdocs with the command below
3- Then we open the web page from the client web browser at http://10.1.1.1/mysar/www; we specify the path like this because this is a new install, so we must give the path to find the install files on the machine -> click Continue for the installation process
4- After that it shows like this in the client web browser; we click on New install
5- Then we enter the database name, the user with full control of the SuSE machine, and the user name that controls only the mysar database. I did not enter a password for user root because I had not assigned one with mysqladmin -> Submit Query
6- After that it shows like this on the web page
7- Then we must create one file config.ini at the path /srv/www/htdocs/mysar/etc/config.ini and put in the information shown on this web page
8- Edit the file config.ini, write this information into the file, then save it
9- After completing the information, click on "Click here to try again"; it shows like this on the web page -> click here to continue
10- Then the web page shows a message to delete the install directory under the path /srv/www/htdocs/mysar/www/
11- After the alert message on the web page, we delete the folder at this path -> "Start using mysar!" on the web page
12- After deleting the install folder it shows like this on the web page
13- Then we use this command to load the access log into the mysar database, and it then shows on the web page
14- To run this command automatically, use crontab -e and write this schedule ( 6 * * * * ); it means that every hour at minute 6 it will back up the report to show in mysar
15- After the report is generated, the mysar web page shows all client IP addresses and users accessing the Internet, and the speed users get through the proxy
Sarg installation
1- These services are dependencies when installing the sarg package on SLES 11
2- Then we install sarg like below
3- After that we go to the path /etc/squid/sarg
4- Edit the file sarg.conf; at line 143 we must change the path to /srv/www/htdocs/sarg like below
5- Commands:
   - sarg-reports daily: generates the report of users' Internet access every day, to show on the sarg web page
   - sarg: creates the directory sarg under the path /srv/www/htdocs/
6- Then we open the web page at http://10.1.1.1/sarg and it shows like this
7- Then we can select one user shown in sarg to see the details of that user's Internet access like below
Transparent proxy automatically client