  1. #1
    cpjitservices

    Dansguardian & Squid....

    I have been asked about something and I'm not sure I know the answer in all honesty....

    I've been asked whether the following would work.....

    If the internet comes into the main router... how could we set it up so that certain IPs or ranges would be forwarded to a DG / Squid server if said IP / IP range is in a blacklist? All Internet traffic is NOT permitted to go through the proxy, only traffic that is deemed to be blocked is to go to the proxy.

    Any ideas?

  2. #2

    glennda
    What do you use between the router and the firewall? Or do you just use the router as the default gateway?

  3. #3

    Geoff
    Send everything through the proxy and tell the proxy what to do based on IP range. Most routers aren't intelligent enough to do this sort of work on their own. Some high-end Cisco routers do talk WCCP though.

  4. #4
    DT2
    Quote: Originally posted by cpjitservices
    I have been asked about something and I'm not sure I know the answer in all honesty....

    I've been asked whether the following would work.....

    If the internet comes into the main router... how could we set it up so that certain IPs or ranges would be forwarded to a DG / Squid server if said IP / IP range is in a blacklist? All Internet traffic is NOT permitted to go through the proxy, only traffic that is deemed to be blocked is to go to the proxy.

    Any ideas?

    I'd VLAN it off and pass it to the DG/Squid/Smoothwall that way.

    DT

  5. #5
    cpjitservices
    Quoting Plusnet: "If the IP address matches that of a server that's used to host one of the websites on the IWF list then your request is diverted to a proxy server" - but does that mean all of their traffic is going through the proxy or just the stuff on the IWF list?

  6. #6

    Geoff
    The way Cleanfeed works is that the routers check if the IP matches the ones on the blacklists. If so they send the request off to proxy servers which then check the URLs. If you hit both blocks then you end up at the blocked webpage.

    The routers doing the first stage of this operation are carrier-grade equipment though. You're talking about top-of-the-range Cisco/Juniper/Nortel/etc. equipment.
    Last edited by Geoff; 30th May 2012 at 04:16 PM.
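
The two-stage check Geoff describes in post #6, as an added sketch that is not part of the thread: a small Python model in which the router stage sees only the destination IP and the proxy stage sees the URL. The blacklist entries, host names and function names are constructed for illustration. Under that description it also answers the question in post #5: every request to a listed IP passes through the proxy, but only listed URLs are blocked.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: documentation address ranges and made-up hosts.
IP_BLACKLIST = [ipaddress.ip_network(n)
                for n in ("203.0.113.10/32", "198.51.100.0/28")]
URL_BLACKLIST = {("shared-host.example", "/blocked/page.html")}


def stage1_router(dst_ip):
    """Stage 1 (router): match on destination IP only; no URL is visible here."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in IP_BLACKLIST)


def stage2_proxy(url):
    """Stage 2 (proxy): exact host + path match against the URL list."""
    parts = urlsplit(url)
    # Normalise the host: hostname is already lower-cased, drop a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    return (host, parts.path or "/") in URL_BLACKLIST


def handle(dst_ip, url):
    """Return 'direct', 'proxy-allow' or 'proxy-block' for one HTTP request."""
    if not stage1_router(dst_ip):
        return "direct"         # unlisted IP: never touches the proxy
    if stage2_proxy(url):
        return "proxy-block"    # both checks hit: user gets the blocked page
    return "proxy-allow"        # listed IP, but this URL is not on the list


if __name__ == "__main__":
    samples = [
        ("192.0.2.50", "http://other.example/"),
        ("203.0.113.10", "http://shared-host.example/index.html"),
        ("203.0.113.10", "http://Shared-Host.Example./blocked/page.html"),
    ]
    for ip, url in samples:
        print(f"{ip:15} {url:50} -> {handle(ip, url)}")
```
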

  7. #7
    cpjitservices
    We have Juniper routers so I'm guessing it's just a case of looking up the configs.


    Thanks

  8. #8

    Geoff
    Juniper have good examples. You need to turn the 'walled garden' example on its head. Rather than saying 'nothing is ok other than the portal and google' you want to say 'everything is ok apart from these IPs'. The rest of the configuration is the same though.

    Configuring HTTP Redirect Services - Technical Documentation - Support - Juniper Networks
    Last edited by Geoff; 30th May 2012 at 04:28 PM.
