[CS-FSLUG] DansGuardian installation
John Mark Clayton
clayton256 at gmail.com
Sun Mar 4 14:17:05 CST 2007
Well then I'm confused and obviously this installation is over my head.
Can anyone point me to instructions for setting up squidguard, etc
on a small lan. The lan has a dsl modem/router with builtin wireless, a
wired linux file/print/dns/server, a wireless linux client and a wireless
xp client.
I'd really appreciate any and all help,
Mark
On 3/4/07, Stephen J. McCracken <smccracken at hcjb.org.ec> wrote:
> Tim Young wrote:
> > The only real difference is that you need to set up a "transparent proxy
> > http://www.faqs.org/docs/Linux-mini/TransparentProxy.html
>
> I didn't read the article, but this is NOT TRUE. You can easily set
> this up without it being a transparent proxy. In fact, transparent
> proxies will NOT work in some situations (most notably when you require
> proxy authentication). We have squid and dansguardian set up for about
> 300 clients on our network (including proxy authentication). We don't
> have multiple LAN cards in the proxy either. (We do block direct access
> out for most clients (allowing only the proxy server direct access out)
> so that the only option to get to the web is to go through the proxy.)
> We have also set up automatic detection on the network so things usually
> just work.
>
> For automatic detection, look up information on "WPAD" which is MS's
> "extension" of Netscape's proxy.pac structure. Basically you need to
> have a web server serve up the proxy.pac named as wpad.dat from
> wpad.<domain>.<tld>
>
> You can realistically run it all on one box with DNS, DHCP (maybe),
> Apache, Squid, and Dansguardian. You have:
>
> - DHCP that lets every computer know that it's in the domain.tld network.
> - DNS that, among other things, resolves wpad.domain.tld to the apache
> server.
> - Apache that serves the wpad.dat (proxy.pac renamed) file from the root
> of wpad.domain.tld.
> - the wpad.dat file (served from Apache) tells the browser which proxy
> to use and when (point them at Dansguardian on the same box).
> - Dansguardian gets the web requests and forwards them on to Squid (on
> the same box) to actually retrieve them.
>
> There are more complex setups, but that's the basic idea. Many people
> actually think that transparent proxying is a *very bad idea* as it
> breaks things.
>
> sjm
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
>
--
clayton256 at gmail.com
More information about the Christiansource
mailing list