LinuxQuestions.org
Old 07-29-2004, 12:47 AM   #1
Trano
Member
 
Registered: Jul 2004
Posts: 30

Rep: Reputation: 15
Redirect before accessing internet


I am using a fedora core 2 machine as a router, firewall, access point, dhcp, dns, and wins server. I have all this working using shorewall and having a single zone with 2 subnets, 10.0.2.0 for the wired network and 10.0.3.0 for the wireless network.

What I want to be able to do, is have any new computer that has joined the network have to view a page and agree to its terms before being able to access the internet. I want to keep the access point open for anyone who wants it, but I don't want to end up having someone launch an attack from my network and me get blamed for it.

I was thinking of using squid as a transparent proxy and having it redirect the page. Can squid do this? Or is there another program that will allow this?

Thanks to anyone who can help me with this.
 
Old 08-14-2004, 02:51 AM   #2
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
Yes, squid can do what you want, but you will probably want to set up squidGuard to do filtering. It can do it based on IP address, so you can add a list of IPs that can access the internet, and whenever a new IP joins the network they get redirected to another page.
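The IP-based redirect described in the reply above, sketched as a minimal helper for Squid 2.x's `redirect_program` interface. This is an added example, not part of the thread and not squidGuard itself; the portal address `10.0.2.1` and the accepted-IP file path are assumptions.

```python
#!/usr/bin/env python3
"""Splash-page redirector for Squid's redirect_program interface (added example)."""
import sys

# Assumptions, not from the thread: portal host and state file location.
PORTAL_PREFIX = "http://10.0.2.1/"            # trailing slash pins the host name
PORTAL_URL = PORTAL_PREFIX + "terms.html"
ACCEPTED_FILE = "/var/lib/portal/accepted_ips"  # one IP per line, written by the terms page


def load_accepted(path=ACCEPTED_FILE):
    """Return the set of client IPs that have agreed to the terms."""
    try:
        with open(path) as fh:
            return {ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")}
    except FileNotFoundError:
        return set()                          # fail closed: nobody has accepted yet


def rewrite(request_line, accepted):
    """Map one request line from Squid to one reply line.

    Squid 2.x sends:  URL client_ip/fqdn ident method
    Reply: "" leaves the URL unchanged; "302:URL" makes Squid send a redirect.
    """
    fields = request_line.split()
    if len(fields) < 2:
        return "302:" + PORTAL_URL            # malformed input: fail closed
    url, client = fields[0], fields[1].split("/", 1)[0]
    if client in accepted or url.startswith(PORTAL_PREFIX):
        return ""                             # accepted client, or the portal itself
    return "302:" + PORTAL_URL


def main():
    for line in sys.stdin:                    # Squid keeps the helper running
        accepted = load_accepted()            # re-read so new acceptances apply at once
        sys.stdout.write(rewrite(line, accepted) + "\n")
        sys.stdout.flush()                    # Squid waits for each reply line


if __name__ == "__main__":
    main()
```

Squid 2.x starts such a helper through the `redirect_program` directive in squid.conf. Only HTTP that passes through Squid is gated this way, so the firewall still has to hold back other ports for clients that have not accepted.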
 
Old 01-21-2005, 01:13 PM   #3
obukev
LQ Newbie
 
Registered: Jan 2005
Distribution: Fedora Core 3
Posts: 1

Rep: Reputation: 0
squid and transparent proxy

Configuring Squid for Simple Proxy
I encourage people to install squid from source code. If you want to use squid in a transparent way then install squid with the following options.
This is to configure Squid with support for transparent proxy:
Code:
# enabling the transparent proxy feature during compilation.
./configure --enable-linux-netfilter
# then make
make
# then make install
make install


After installing squid successfully we have to configure squid to work for us.

So open /usr/local/squid/etc/squid.conf and uncomment the options which you require, or use the following squid.conf and modify it according to your use.
Code:
# Set the maximum size of the object which will be cached.

maximum_object_size 8192 KB

# Set maximum physical RAM to be used for storing objects.
# NOTE: typically squid uses much more RAM than specified, so when we say 16 MB it is actually using around 25 MB RAM.

cache_mem 16 MB


# use to set where to store cache. here it is /cache of size 2048 MB.
# Here 22 and 256 are used to define directory structure so you don't have to touch it.

cache_dir ufs /cache 2048 22 256


# Here we are disabling cache_store_log as it will only increase disk usage.
# You can enable it anytime by specifying a path instead of the "none" directive.

cache_store_log none


# Here we are specifying that when we say "all " then it means whole internet.
# Also specifying some required acls.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255


# Here specifying acls for which ports are allowed and which network is allowed to use our proxy.
# Here "your_network" is the name used for your network.
# Change 192.168.0.0/255.255.255.0 to address of your LAN

acl your_network src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT


# Here giving permission for localhost ie this machine to access proxy.

http_access allow manager localhost
http_access deny manager


# Denying access to ports which are not safe

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports


# Allowing access to LAN and denying others.

http_access allow your_network
http_access deny all
icp_access allow all
miss_access allow all


# Give the email of your administrator, who can be contacted by the users if anything goes wrong.

cache_mgr you@yourdomain.com


# Set here the hostname of your proxy box. You can set anything if you don't have an FQDN.

visible_hostname you.yourdomain.com
unique_hostname you.yourdomain.com


# Directive for squid proxy to work also in Transparent mode.
# If not using transparent proxy then you still keep them.

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


# Set the port which will be used by clients to access squid proxy

http_port 3128



Now you have your squid.conf ready to go. But before running squid, run the following to initialize the cache directory:
Code:
/usr/local/squid/sbin/squid -z
If it doesn't give any error then we should move to the next step.

Now run squid by (Internet should be already connected)
Code:
/usr/local/squid/sbin/squid


Now see /usr/local/squid/var/logs/cache.log. If you see something like this:
Code:
2004/01/08 22:48:30| Ready to serve requests.
2004/01/08 22:48:30| Completed Validation Procedure
2004/01/08 22:48:30| Validated 7002 Entries
2004/01/08 22:48:30| store_swap_size = 63960k
2004/01/08 22:48:31| storeLateRelease: released 0 objects

If you see something like the above then you have squid configured correctly and it is working.
Now you have squid ready to use.

Note:
To use squid, configure your client's browser to use the proxy by setting the IP of the proxy server to the IP of your computer running squid and specifying the port as 3128, or the other port if you have changed it in squid.conf. Make sure you add the same port for SSL proxy as for HTTP proxy.
Now try to surf the net from the client and check /usr/local/squid/var/logs/access.log to see whether the site you have opened is recorded in access.log, to make sure your computer is using squid.
It is now all done. I have tried to make it simple and practical but there are various other aspects of squid which are not covered here. But I hope as you get your squid working then you will understand them all yourself.


Part (b)
Setting Up squid to run in Transparent Mode
After making sure that your proxy is working fine, you can use transparent proxy if you want to use it.
To run the proxy in transparent mode add the following lines to your NAT script, as I specified here: NAT / internet sharing how to
Code:
#Transparent proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


And now set your client's browser not to use the proxy and open a site from the client, then check the access.log to see whether the site opened by the user is redirected to squid or not.
If you are able to open websites and that is also getting logged in access.log then your transparent proxy is up and working.

If this doesn't work but you are able to open sites using simple proxy then you probably do not have NAT. See NAT / internet sharing how to
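The `http_access` lines in the squid.conf posted above are evaluated top to bottom and the first rule whose ACLs all match decides the request. The following added example (not code from the post or from Squid) models that ordering for the posted ACLs, so it is easy to see which rule stops a client outside the LAN or a CONNECT to a non-SSL port; the request dictionaries and sample addresses are constructed.

```python
"""First-match walk through the http_access rules of the posted squid.conf (added example)."""
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")      # acl your_network
SSL_PORTS = {443, 563}                            # acl SSL_ports
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}  # plus 1025-65535

# Each ACL is a predicate over a constructed request: src, method, proto, port.
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "your_network": lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

# http_access lines in the order they appear in the post.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["your_network"]),
    ("deny", ["all"]),
]


def matches(acl, req):
    """Evaluate one ACL name, honouring the leading '!' negation."""
    if acl.startswith("!"):
        return not ACLS[acl[1:]](req)
    return ACLS[acl](req)


def decide(req):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for action, acls in RULES:
        if all(matches(a, req) for a in acls):
            return action, "http_access %s %s" % (action, " ".join(acls))
    return "deny", "(unreachable here: the final 'deny all' always matches)"


if __name__ == "__main__":
    samples = [  # constructed requests
        {"src": "192.168.0.15", "method": "GET", "proto": "http", "port": 80},
        {"src": "203.0.113.5", "method": "GET", "proto": "http", "port": 80},
        {"src": "192.168.0.15", "method": "CONNECT", "proto": "http", "port": 25},
        {"src": "192.168.0.15", "method": "CONNECT", "proto": "http", "port": 8080},
    ]
    for s in samples:
        print(s["src"], s["method"], s["port"], "->", decide(s))
```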
 
  

