Dansguardian & Squid....
I have been asked about something and I'm not sure I know the answer in all honesty....
I've been asked whether the following would work.....
If the internet comes into the main router... how could we set it up so that certain IPs or ranges would be forwarded to a DG/Squid server if said IP/IP range is in a blacklist? All Internet traffic is NOT permitted to go through the proxy, only traffic that is deemed to be blocked is to go to the proxy.
Any ideas?
What do you use before between the router and the firewall? Or do you just use the router as the Default gateway?
Send everything through the proxy and tell the proxy what to do based on IP range. Most routers aren't intelligent enough to do this sort of work on their own. Some high-end Cisco routers do talk WCCP though.
I'd VLAN it off and pass it to the DG/Squid/Smoothwall that way.
Originally Posted by cpjitservices
Quoting Plusnet: "If the IP address matches that of a server that's used to host one of the websites on the IWF list then your request is diverted to a proxy server" - but does that mean all of their traffic is going through the proxy or just the stuff on the IWF list?
The way Cleanfeed works is that the routers check if the IP matches the ones on the blacklists. If so, they send the request off to proxy servers which then check the URLs. If you hit both blocks then you end up at the blocked webpage.
The routers doing the first stage of this operation are carrier-grade equipment though. You're talking about top-of-the-range Cisco/Juniper/Nortel/etc. equipment.
We have Juniper routers so I'm guessing it's just a case of looking up the configs.
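Added example (not posted by anyone in the thread): a small Python model of the two-stage check described above, showing that only requests to listed IPs are diverted to the proxy, and that the proxy blocks only listed URLs while passing other sites hosted on the same IP. All addresses, hostnames and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists (documentation address ranges, made-up hostnames).
SUSPECT_NETS = [ipaddress.ip_network(n)
                for n in ("203.0.113.10/32", "198.51.100.0/28")]
BLOCKED_URLS = {("shared-host.example", "/listed/page.html")}


def stage1_router(dst_ip):
    """Router stage: looks at the destination IP only."""
    addr = ipaddress.ip_address(dst_ip)
    return "proxy" if any(addr in net for net in SUSPECT_NETS) else "direct"


def stage2_proxy(url):
    """Proxy stage: looks at host and path of the full URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return "block" if (host, path) in BLOCKED_URLS else "allow"


def decide(dst_ip, url):
    """Path of one HTTP request through both stages."""
    if stage1_router(dst_ip) == "direct":
        return "direct"                      # never touches the proxy
    return "proxied-" + stage2_proxy(url)    # diverted, then URL-checked


# Constructed sample requests: (destination IP, requested URL).
SAMPLE_REQUESTS = [
    ("192.0.2.50", "http://unrelated.example/"),
    ("203.0.113.10", "http://shared-host.example/listed/page.html"),
    ("203.0.113.10", "http://other-site.example/index.html"),  # same IP, other site
    ("198.51.100.7", "http://shared-host.example/other.html"),
]

if __name__ == "__main__":
    for ip, url in SAMPLE_REQUESTS:
        print(f"{ip:15} {url:50} -> {decide(ip, url)}")
```
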
Juniper have good examples. You need to turn the 'walled garden' example on its head. Rather than saying 'nothing is ok other than the portal and google' you want to say 'everything is ok apart from these IPs'. The rest of the configuration is the same though.
Configuring HTTP Redirect Services - Technical Documentation - Support - Juniper Networks