[ILUG] dansguardian, squid, smoothwall and transparent proxying

conor.daly at cod.utvinternet.com
Wed Mar 9 14:13:14 GMT 2005


On Wed, Mar 09, 2005 at 12:12:40PM +0000 or so it is rumoured hereabouts, 
Proinnsias Breathnach thought:
> On Wed, Mar 09, 2005 at 12:12:32AM +0000, conor.daly at cod.utvinternet.com wrote:
> > Eeek!  Now that the kids are starting to want to go surfing, I'm working
> > on a dansguardian / squid setup for the HAN.  
> <snip> 
> > So, is there anything I can do to get smoothwall either 
> > 
> > 1. Use my internal dans/squid proxy transparently
> > 2. Block relevant ports outbound so that a manual proxy config will be
> >    needed.  
> > 
> On the smoothwall: try putting this in the /etc/dhcpd.conf - it should
> work for both linux and win clients - but I've only used it on winXP
> ones :(

Fortunately, I've only one win32 box (with IE removed) in the house, the
rest are linux machines.  This does depend on the machines using dhcp
though.  Once junior_X figures out how to set a static IP address, this
will get bypassed unless I can block outbound also.  However, in the
meantime, can I put this stuff into my dhcpd.conf on the internal server
(which is already serving dhcp for the network)?  Or does this have to
happen on the smoothie?
 
> subnet 192.168.X.0 netmask 255.255.255.0
> {
>         option subnet-mask 255.255.255.0;
>         option domain-name "mydomain.home";
>         option routers 192.168.X.1;
>         option domain-name-servers 192.168.X.2;
>         option option-252 "http://proxy.mydomain.home/proxy.pac\n" ;
>         range dynamic-bootp 192.168.X.50 192.168.X.250;
>         default-lease-time 86400;
>         max-lease-time 86400;
> }
> 
> and the http://proxy.mydomain.home/proxy.pac file should be :
> 
> ---------------8<------------------
> function FindProxyForURL(url, host)
> {
>    if (isInNet(host, "192.168.X.0", "255.255.255.0")) {

What does this line mean?  Sounds like it bypasses the proxy stuff for
hosts in the network 192.168.X.0 which is what all of my hosts are in.

>       return "DIRECT";
>    } else {
>       if (shExpMatch(url, "http:*"))
>          return "PROXY proxy.mydomain.home:3128" ;
>       if (shExpMatch(url, "https:*"))
>          return "PROXY proxy.mydomain.home:3128" ;
>       if (shExpMatch(url, "ftp:*"))
>          return "PROXY proxy.mydomain.home:3128" ;
>       return "DIRECT";
>    }
> }
> ---------------8<------------------

Conor

-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Hobbiton.cod.ie
 14:03:51  up 30 days,  1:24,  1 user,  load average: 0.00, 0.01, 0.00
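
Added example, not part of the original thread: the quoted proxy.pac logic run offline against constructed URLs, showing that the `host` argument tested by isInNet() is the destination of the request, and which requests never reach the filtering proxy. The isInNet/shExpMatch shims, the `decide` helper and the 192.168.1.0 network (standing in for 192.168.X.0) are assumptions made for illustration.

```javascript
// Stand-ins for the browser's PAC helpers (assumption: real isInNet() also
// resolves hostnames via DNS; this shim only understands dotted-quad literals).
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}
function isInNet(host, pattern, mask) {
  const h = ipToInt(host), p = ipToInt(pattern), m = ipToInt(mask);
  if (h === null || p === null || m === null) return false;
  return ((h & m) >>> 0) === ((p & m) >>> 0);
}
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

const NET = "192.168.1.0"; // constructed stand-in for the thread's 192.168.X.0

// Same decision logic as the quoted proxy.pac.
function FindProxyForURL(url, host) {
  if (isInNet(host, NET, "255.255.255.0")) return "DIRECT";
  if (shExpMatch(url, "http:*")) return "PROXY proxy.mydomain.home:3128";
  if (shExpMatch(url, "https:*")) return "PROXY proxy.mydomain.home:3128";
  if (shExpMatch(url, "ftp:*")) return "PROXY proxy.mydomain.home:3128";
  return "DIRECT";
}

// A browser passes the URL plus the hostname extracted from it.
function decide(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}

// Constructed sample requests.
for (const u of ["http://192.168.1.20/status",   // destination on the LAN
                 "http://www.example.com/",      // external web site
                 "ftp://ftp.example.org/pub/",   // external ftp
                 "gopher://example.net/"]) {     // scheme the PAC does not list
  console.log(u, "->", decide(u));
}
```

Anything that comes back DIRECT is not seen by dansguardian, so the outbound block on the firewall is what covers unlisted schemes and clients that ignore the PAC file.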


