LinuxQuestions.org
Old 03-16-2005, 06:32 AM   #1
vyom
LQ Newbie
 
Registered: Feb 2005
Location: Bangalore, India
Distribution: RedHat 9.0, Fedora Core 3
Posts: 18

Rep: Reputation: 0
Plz give me some information on proxy server (squid)


Hi,

I have set up Squid as the proxy server on Fedora Core 3, and everything is going really well. All my proxy clients are Win 2000/XP machines. Now, the question is, how far can the proxy server help keep viruses and trojans away from the Windows machines? A friend said that only the proxy server might get attacked and clients can happily stay safe, and having protection at that level is enough. Could he be right? I am even planning to install ClamAV (anti-virus) on the FC3 machine. iptables (firewalls) have been configured. I'm totally confused. Please give me the best possible suggestion regarding this.

Thanks in advance
 
Old 03-16-2005, 08:49 AM   #2
phatboyz
Member
 
Registered: Feb 2004
Location: Mooresville NC
Distribution: CentOS 4,Free BSD,
Posts: 358

Rep: Reputation: 30
Just using Squid you are not going to protect yourself. Squid is a caching server, which means it works like your temporary internet files folder under Windows. It just stores a local copy of the webpage to lessen the burden on your internet line. That's just about what Squid does. If you use DansGuardian, which I totally recommend, then you would be helping yourself out. DansGuardian is a filter for Squid. It can filter file types like .exe, .mp3, or whatever you specify. This is the point where your network becomes safe. If you're going to run a proxy server then you need to have your router/firewall block all internet requests except for the ones coming from your server. This way no one can get around your proxy by using another free one.

Last edited by phatboyz; 03-16-2005 at 08:51 AM.
 
Old 03-24-2005, 12:06 AM   #3
vyom
LQ Newbie
 
Registered: Feb 2005
Location: Bangalore, India
Distribution: RedHat 9.0, Fedora Core 3
Posts: 18

Original Poster
Rep: Reputation: 0
Hi,

I'm unable to get Thunderbird on proxy clients to work through Squid. The connection fails in spite of having the connection settings tuned to use Squid. Any idea?
 
Old 03-24-2005, 07:14 AM   #4
phatboyz
Member
 
Registered: Feb 2004
Location: Mooresville NC
Distribution: CentOS 4,Free BSD,
Posts: 358

Rep: Reputation: 30
What are your acls?
 
Old 03-30-2005, 02:35 AM   #5
vyom
LQ Newbie
 
Registered: Feb 2005
Location: Bangalore, India
Distribution: RedHat 9.0, Fedora Core 3
Posts: 18

Original Poster
Rep: Reputation: 0
Here are my ACLs... Before that, a question: do I have to include SMTP and POP ports in the ACLs so that they are allowed through Squid?

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
 
Old 03-30-2005, 07:42 AM   #6
phatboyz
Member
 
Registered: Feb 2004
Location: Mooresville NC
Distribution: CentOS 4,Free BSD,
Posts: 358

Rep: Reputation: 30
Those are not the acls that I am looking for. Keep reading further down.


# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl Indy src 10.0.1.0/24
http_access allow Indy
acl Mooreville src 10.0.2.0/24
http_access allow Mooreville
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks


This is what you need to add. Use your network settings.
 
Old 03-30-2005, 10:51 PM   #7
vyom
LQ Newbie
 
Registered: Feb 2005
Location: Bangalore, India
Distribution: RedHat 9.0, Fedora Core 3
Posts: 18

Original Poster
Rep: Reputation: 0
I have already done that, pal... The clients are able to browse the web (HTTP, FTP, HTTPS etc.). But the email programs on their machines like Thunderbird and Eudora, which use SMTP and POP, do not work through the proxy! I have made the connection settings to use the proxy, yet I am unable to get connected to the corresponding mail servers. (Theoretically, all settings are perfect.) In my previous post, I had asked whether I should open up SMTP and POP ports in my ACLs.
 
Old 03-30-2005, 11:31 PM   #8
overlord73
Member
 
Registered: Apr 2004
Location: ..where no life dwells..
Distribution: RH,FC/SuSE/Debian/HPUX/OSX
Posts: 511

Rep: Reputation: 30
Hi,
Squid is a Web-Proxy Cache!
So it supports proxying and caching of HTTP, FTP...
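
An added example, not from any poster: it checks the port ACLs posted in #5 against the two stock squid.conf rules `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`. Those two rules are assumed here because the post does not show its http_access lines. It reports where requests to the SMTP and POP3 ports (25 and 110) would be stopped.

```shell
#!/bin/sh
# Port ACL lines as posted in #5, embedded so the check runs offline.
squid_acls() { cat <<'EOF'
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
EOF
}

# port_in_acl NAME PORT: succeeds if PORT matches any "port" acl called NAME.
port_in_acl() {
  squid_acls | awk -v name="$1" -v port="$2" '
    $1 == "acl" && $2 == name && $3 == "port" {
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^#/) break            # rest of the line is a comment
        n = split($i, r, "-")           # single port or LOW-HIGH range
        lo = r[1] + 0
        hi = (n == 2 ? r[2] : r[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) found = 1
      }
    }
    END { exit(found ? 0 : 1) }'
}

# verdict METHOD PORT: apply the two assumed stock rules in squid.conf order.
verdict() {
  if ! port_in_acl Safe_ports "$2"; then
    echo "deny: !Safe_ports"
  elif [ "$1" = CONNECT ] && ! port_in_acl SSL_ports "$2"; then
    echo "deny: CONNECT !SSL_ports"
  else
    echo "pass"
  fi
}

for req in "GET 80" "CONNECT 443" "CONNECT 25" "CONNECT 110" "CONNECT 8443"; do
  set -- $req
  printf '%-8s port %-5s -> %s\n' "$1" "$2" "$(verdict "$1" "$2")"
done
```

Ports 25 and 110 fail the Safe_ports check, and a port that passes it (8443) is still refused for CONNECT because only 443 and 563 are in SSL_ports.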
 
Old 03-31-2005, 06:57 AM   #9
phatboyz
Member
 
Registered: Feb 2004
Location: Mooresville NC
Distribution: CentOS 4,Free BSD,
Posts: 358

Rep: Reputation: 30
Oh... I didn't read it. I thought that you had no connections. My bad. Yes, in theory you should open the ports, but I have never sent my mail through a proxy server. I usually have a local mail server that the clients connect to directly. On my network only the proxy server and mail server have direct internet access. Other than that, every other IP is blocked.

Maybe I wasn't too much help on this one.
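
The outbound policy described in posts #2 and #9, written as iptables rules for a separate Linux router between the LAN and the Internet. This is an added example, not any poster's configuration. The interface names, the 10.0.1.10 proxy and 10.0.1.20 mail server addresses, and the DNS allowance are assumptions.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# egress_policy LAN_IF WAN_IF PROXY_IP MAIL_IP
# Forwarded traffic is dropped unless it comes from the proxy or mail server.
egress_policy() {
  lan=$1 wan=$2 proxy=$3 mail=$4

  # Fail closed first, then rebuild the chain.
  $IPT -P FORWARD DROP
  $IPT -F FORWARD

  # Return traffic for connections that were allowed out.
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Only the Squid host may open FTP/HTTP/HTTPS connections to the Internet,
  # so a client pointed at an outside proxy gets no route out.
  $IPT -A FORWARD -i "$lan" -o "$wan" -s "$proxy" -p tcp \
       -m multiport --dports 21,80,443 -j ACCEPT

  # Only the local mail server may deliver SMTP; clients talk to it directly.
  $IPT -A FORWARD -i "$lan" -o "$wan" -s "$mail" -p tcp --dport 25 -j ACCEPT

  # Both servers need to resolve names.
  for host in "$proxy" "$mail"; do
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$host" -p udp --dport 53 -j ACCEPT
  done

  # Log everything else leaving the LAN before the DROP policy applies.
  $IPT -A FORWARD -i "$lan" -o "$wan" -j LOG --log-prefix "egress-denied: "
}

# Constructed sample values.
egress_policy eth1 eth0 10.0.1.10 10.0.1.20
```

The LOG rule gives a record of clients that try to reach the Internet without going through the proxy.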
 
  

