[ILUG] dansguardian, squid, smoothwall and transparent proxying
A. Dreyer
adreyer at math.uni-paderborn.de
Wed Mar 9 12:54:44 GMT 2005
Proinnsias Breathnach wrote:
> On Wed, Mar 09, 2005 at 12:12:32AM +0000, conor.daly at cod.utvinternet.com wrote:
>
>>Eeek! Now that the kids are starting to want to go surfing, I'm working
>>on a dansguardian / squid setup for the HAN.
>
> <snip>
>
>>So, is there anything I can do to get smoothwall either
>>
>>1. Use my internal dans/squid proxy transparently
>>2. Block relevant ports outbound so that a manual proxy config will be
>> needed.
>>
>
> On the smoothwall: try putting this in the /etc/dhcpd.conf - it should
> work for both linux and win clients - but I've only used it on winXP
> ones :(
>
> subnet 192.168.X.0 netmask 255.255.255.0
> {
>     option subnet-mask 255.255.255.0;
>     option domain-name "mydomain.home";
>     option routers 192.168.X.1;
>     option domain-name-servers 192.168.X.2;
>     option option-252 "http://proxy.mydomain.home/proxy.pac\n" ;
>     range dynamic-bootp 192.168.X.50 192.168.X.250;
>     default-lease-time 86400;
>     max-lease-time 86400;
> }
>
> and the http://proxy.mydomain.home/proxy.pac file should be :
>
> ---------------8<------------------
> function FindProxyForURL(url, host)
> {
>     if (isInNet(host, "192.168.X.0", "255.255.255.0")) {
>         return "DIRECT";
>     } else {
>         if (shExpMatch(url, "http:*"))
>             return "PROXY proxy.mydomain.home:3128" ;
>         if (shExpMatch(url, "https:*"))
>             return "PROXY proxy.mydomain.home:3128" ;
>         if (shExpMatch(url, "ftp:*"))
>             return "PROXY proxy.mydomain.home:3128" ;
>         return "DIRECT";
>     }
> }
> ---------------8<------------------
>
>
> P

Another way to tell the Windows client where to search for the
"proxy.pac" or "wpad.dat" is to set up a DNS alias named
"wpad.$yourdomain". It is the default behaviour to search for this
hostname and look for the named file in the webroot of that server.

Something to read:

Configure Firewall and Web Proxy Client Autodiscovery in Windows 2003
(Microsoft - KnowledgeBase Article 816320)
http://support.microsoft.com/default.aspx?scid=kb;en-us;816320

WinHTTP AutoProxy Support
(Microsoft - Platform SDK: Windows HTTP Services (WinHTTP))
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/winhttp_autoproxy_support.asp

Automatic configuration file format
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#netscape-pac

Configuring Browsers for WPAD
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.10

Configuring Browsers for WPAD with DHCP
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.11

Microsoft Proxy Server 2.0 - Direct IP Authentication
http://wwwcache.ja.net/servers/proxy/directip.html

CU

Regards,
Achim Dreyer
--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
Tel.: +49 5247 / 406987-2 || http://www.adreyer.com/
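
Added example, not part of the original thread: an offline Node.js harness that runs the proxy.pac logic quoted above against sample URLs, so the proxy/direct decisions can be checked before the file is published via DHCP option 252 or the wpad DNS alias. The isInNet and shExpMatch functions are simplified stand-ins for the browser built-ins; the value X = 1, the DNS table and the sample URLs are constructed assumptions.

```javascript
// Added example: offline harness for the proxy.pac quoted in this thread.
// Browsers provide isInNet/shExpMatch; the versions here are simplified stand-ins.
// Constructed assumptions: X = 1 in 192.168.X.0, and the DNS table below.
const DNS = {
  "proxy.mydomain.home": "192.168.1.2",
  "fileserver.mydomain.home": "192.168.1.10",
  "www.example.com": "203.0.113.7",
};

const isIPv4 = (s) => /^\d{1,3}(\.\d{1,3}){3}$/.test(s);
const toInt = (ip) => ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
const dnsResolve = (host) => (isIPv4(host) ? host : DNS[host] || null);

function isInNet(host, net, mask) {
  const ip = dnsResolve(host);
  if (!ip) return false; // an unresolvable name is never inside the subnet
  const m = toInt(mask);
  return ((toInt(ip) & m) >>> 0) === ((toInt(net) & m) >>> 0);
}

function shExpMatch(str, glob) {
  // Translate a shell glob (* and ?) into an anchored regular expression.
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// PAC logic as posted (same decisions, flattened), with X replaced by 1.
function FindProxyForURL(url, host) {
  if (isInNet(host, "192.168.1.0", "255.255.255.0")) return "DIRECT";
  if (shExpMatch(url, "http:*")) return "PROXY proxy.mydomain.home:3128";
  if (shExpMatch(url, "https:*")) return "PROXY proxy.mydomain.home:3128";
  if (shExpMatch(url, "ftp:*")) return "PROXY proxy.mydomain.home:3128";
  return "DIRECT";
}

// Decide for a full URL the way a browser would: pass the URL and its hostname.
function decide(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}

// Constructed sample URLs: external, internal by name, internal by IP,
// a scheme the PAC does not list, and a name that does not resolve.
const SAMPLE = [
  "http://www.example.com/", "https://www.example.com/login",
  "ftp://www.example.com/pub/", "http://fileserver.mydomain.home/",
  "http://192.168.1.10/", "gopher://www.example.com/", "http://unknown.invalid/",
];
for (const u of SAMPLE) console.log(decide(u).padEnd(32), u);
```

Schemes the PAC does not list fall through to DIRECT, and a PAC file only steers clients that honour it, which is why the original question also asks about blocking the relevant ports outbound.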