Web Proxy server and DHCP Server on ubuntu 12.04

[SeijiSensei]

I've tried this acl on the squid and acl fb dstdomain .proxysite.com, i guess it works for now since ive tried it and use the https:// to break through but still block.

can i join the dns and dhcp server on the same physical server? including also the squid3? and i only have 2 lan card on it.

Yes. Just make sure you specify the LAN-facing interface in /etc/default/dhcp3-server.

[neil1188]

I have my dns and dhcp server installed and configured but when i connect my other computer it doesnt get an ip from dhcp server. the computer is connected directly on the server for testing.

what should be the problem?

[neil1188]

guys ive already configure all of the servers that i've wanted ;

DNS
DHCP
Squid

the only problem is how can i use the squid on dhcp server?.
I made a script and make it executable.

#!/bin/sh # Squid server IP SQUID_SERVER="10.0.0.1" # Interface connected to Internet INTERNET="eth0" # Address connected to LAN LOCAL="10.0.0.0/24" # Squid port SQUID_PORT="3128" # Clean old firewall iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X # Enable Forwarding echo 1 > /proc/sys/net/ipv4/ip_forward # Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT ACCEPT # Unlimited access to loop back iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow UDP, DNS and Passive FTP iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT # set this system as a router for Rest of LAN iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE iptables -A FORWARD -s $LOCAL -j ACCEPT # unlimited access to LAN iptables -A INPUT -s $LOCAL -j ACCEPT iptables -A OUTPUT -s $LOCAL -j ACCEPT # DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy iptables -t nat -A PREROUTING -s $LOCAL -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT # if it is same system iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT #open everything iptables -A INPUT -i $INTERNET -j ACCEPT iptables -A OUTPUT -o $INTERNET -j ACCEPT # DROP everything and Log it iptables -A INPUT -j LOG iptables -A INPUT -j DROP



They say that this will finish the deal. But still failed
I can still access the facebook

thanks in advance guys

[newbie-user]

You can block facebook using regular expressions in squid. Basically, squid checks the request to see if facebook appears, and if it does, it blocks the request. Read here http://wiki.squid-cache.org/SquidFaq/SquidAcl in the section "How do I implement an ACL ban list?" and "How can I block access to porn sites?"

As for the script, I'm having a hard time reading it. Anyway, I would suggest creating a ruleset for iptables and saving it somewhere. First set up the rules, then create a save file, the reload the save file every time the server starts:

Code:

#save your iptables config
iptables-save > /path/to/iptables/save/file

#to reload iptables save file
iptables-restore < /path/to/iptables/save/file

To autoload iptables during booting, create an executable script in /etc/network/if-pre-up.d/ as shown below:

Code:

#!/bin/bash
iptables -F
iptables-restore < /path/to/iptables/save/file
exit 0

[neil1188]

thanks all !!! I'ts already working specially to sensei for sticking on me and have a lots of patience thanks all

[neil1188]

oh oh.. the https is open again

[newbie-user]

Did you try to block port 443 with iptables?

[SeijiSensei]

I don't see any rule in that mess of text that refers to HTTPS traffic. Blocking that is a whole other ball game since trying to do it with squid will generate complaints about "man-in-the-middle" attacks. You have to either disable HTTPS entirely by blocking requests to port 443, or blocking requests to selected remote sites.