Proxy with content filtering

[gwendes]

I'm keep hitting a barrier with setting up a proxy server and I'm not sure where the barrier is. I've installed Ubuntu/Debian with squid and Dansguardian as well as (attempting) an installation of dedicated distros ClarkConnect and CensorNet.

Hopefully someone can point out where it is that I am going wrong!

I work in a training centre that is connected to the school (with a 1.2Gbps fibre) and I want to install a proxy on one of the old servers to see how effective they are at stopping my bandwidth being eaten up by flash games and chat sites. I cannot connect two NICs as I only have a single connection to the school.

Ideally I would connect like this

IT room <> proxy (squid + Dansguardian) <> switch and uplink to school

With the installs I have done I get everything configured as per guides online, I get lovely 'It Works!' messages but the proxy seems unable to resolve any IP or connect me to a website.

CensorNet says that it works with a single NIC but still demands two indentical cards and, when I ignore, it cannot create a swap partition...

Am I just really unlucky or is what I'm trying to do just really stupid?

[contink]

I can't provide the answers on this particular blend you've got but I can say that I got the "Extended Defense Plus" Homebrew version of Smoothwall up and running and that includes dansguardian, and advanced proxy and more besides...

Additionally it provides you with some options such as a blue (wireless) port, orange DMZ.. but in your case a simple 2 card NIC profile.

One thing I'm a little confused about though.. you say you can't connect two NICs but I'd assume that you'd need two (one for Red (WAN facing) and one for Green (LAN facing) to make it all possible...

If you're not putting the proxy inline doesn't that make it somewhat tricky to avoid someone bypassing it?

[gwendes]

The plan is to force all computers through the proxy, using it as the gateway, on a single NIC. If this isn't possible it explains all the trouble I've had!

[plexer]

Censornet requires 2 nics to be in the box but it sets the 2 up as a bridge.

We use smoothwall vorporate guardian 5 which is a single nic proxy and filter.

Ben

[contink]

The plan is to force all computers through the proxy, using it as the gateway, on a single NIC. If this isn't possible it explains all the trouble I've had!

Well I don't know about the other systems but I'm sure you can't do it with smoothwall. However that's primarily a firewall product so it would make sense.

I could make some half assed suggestions at this point but I'd be guessing so I'll bow out and let those with the knowledge take over.

Right now though it does sound like the single NIC approach is part of your problem

[gwendes]

Censornet requires 2 nics to be in the box but it sets the 2 up as a bridge.

We use smoothwall vorporate guardian 5 which is a single nic proxy and filter.

Ben

Do they need to be identical? Do both cards need to be connected to a switch?

[plexer]

No once it's installed you just connect one of the cards to your switch.

Ben

[Geoff]

With the installs I have done I get everything configured as per guides online, I get lovely 'It Works!' messages but the proxy seems unable to resolve any IP or connect me to a website.

It's either:

1) Your proxies DNS server settings are incorrect.
2) Your proxy isn't set to use your school/LEA proxy and this is required for internet access (eg, direct internet access is firewalled).

[marco84]

It can be done with 1 NIC using squid & dansguardian. I assume the school already have their own proxy doing the web filtering. If so, just set up squid as a downstream proxy. forward all requests to the parent proxy.

[gwendes]

It can be done with 1 NIC using squid & dansguardian. I assume the school already have their own proxy doing the web filtering. If so, just set up squid as a downstream proxy. forward all requests to the parent proxy.

This is what I'm sure I've already setup - I'll start again (linux is so fast) with a fresh config file! Any recommendations on distro with squid / content filtering ready to go? I've tried Ubuntu-Debian and Mandriva - most comfortable with Debian

[marco84]

Have you got webmin installed? Being new to linux too, i find it just makes things a bit easier when configuring squid.
I know that using the webmin module to edit the squid.conf makes it alot easier (for me anyway) to add a parent cache.

[gwendes]

Have you got webmin installed? Being new to linux too, i find it just makes things a bit easier when configuring squid.
I know that using the webmin module to edit the squid.conf makes it alot easier (for me anyway) to add a parent cache.

Thanks for the tip - I'd already found that webmin is best for me too - It's like Windows is engraved on my soul

Wish me luck!

[marco84]

Im looking at using Censornet, but havent had time to play with it properly yet. Using SuSE 10.1 at the mo with KDE.

[Geoff]

I have an Ubuntu 6.06 box here running Squid and Dansguardian.

[gwendes]

Right.

CensorNet simply will not get past the first part of the install. I've installed indentical NICs, zeroed the drive, disabled the onboard network, burnt two copies of the CD and it refuses to install. Earlier it worked - now it says that it can't create a swap partition. Not even if I say please...

Grrrr!