EdubuntuProxy

Differences between revisions 4 and 5
Revision 4 as of 2007-10-10 14:41:32
Size: 1373
Editor: skegnessgrammar
Comment:
Revision 5 as of 2007-10-11 08:38:58
Size: 3144
Editor: skegnessgrammar
Comment:
Deletions are marked like this. Additions are marked like this.
Line 18: Line 18:
 * Secondly configure and start squid:      Here I have use aptitude to install the packages, but you can use synaptic, apt-get or whatever method you like. There must be a better way of wording this?

= Configuration =

Here we are going to configure and start all the services one by one. I will start off by configuring squid, this will get us a fully functional proxy server. Next, dansguardian this will sit on top of squid and allow for content filtering. Then we will configure iptables to redirect all requests by the users to dansguardian.

This has the plus point that, for instance, if you have a staff group and a pupils group that all staff can be redirected to the proxy and all pupils can be redirected to dansguardian.

== Squid ==

 * To configure squid fireup you favorite editor:
Line 23: Line 33:
     Find the line beginning "http_port 3128" and change it to read "http_port 3128 transparent" this is needed as later on we will be playing around with iptables so your users will automagically use filtering no matter what they try and do.
 
     Next find the section on "visible_hostname" and add "visible_hostname edubuntu" (substitute edubuntu for the hostname of the server you are configuring) 		     Here I've used gedit but you can substitute this for whatever editor you prefer.
Line 27: Line 35:
     Save the file and close.      1) Find the line beginning "http_port" and change it to read "http_port XXXX transparent" where XXXX is the port number you would like squid to listen on.


This is needed as later on we will be playing around with iptables so the users will automagically use filtering. Without it squid will display any request as text rather than actually fetching it.

     2) Next find the section "visible_hostname" and add "visible_hostname edubuntu" to the bottom of that section on a line of its own. (substitute edubuntu for the hostname of the server you are configuring).

     3) Save the file and close.
Line 34: Line 49:
 * Check squid is running:
{{{
ps aux | grep squid
}}}

     Your looking for two entries like this:
{{{
root 5469 0.0 0.0 4780 652 ? Ss Oct10 0:00 /usr/sbin/squid -D -sYC
proxy 5471 0.0 0.2 7644 5348 ? S Oct10 0:00 (squid) -D -sYC
}}}

== Dansguardian ==

 * Now lets configure and start dansguardian

{{{
sudo gedit /etc/dansguardian/dansguardian.conf
}}}

     Near the top of the file remove the line beginning with "UNCONFIGURED ".

     Save and exit the file.

 * Now start Dansguardian:
{{{
sudo /etc/init.d/dansguardian start
}}}

 * Again check its running correctly:
{{{
ps aux | grep dansguardian
}}}

     You should see lots of /usr/sbin/dansguardian entries.

== Now the fun part ==

=WORK IN PROGRESS=

Introduction

So you have a nice shiny Edubuntu server install and everything is well. You have an internet connection, but your want to restrict your users access to certain content on the internet, and you want to be able to do it without installing a second machine as a proxy/filtering server.

Well here is how I did it.

These instructions are based on gutsy and have limited testing, in my case they have worked. If you find a better way of implementing this please feel free to expand/change it.

Installing packages

  • Firstly install squid and dansguardian: 

sudo aptitude install squid dansguardian
  • Here I have use aptitude to install the packages, but you can use synaptic, apt-get or whatever method you like. There must be a better way of wording this?

Configuration

Here we are going to configure and start all the services one by one. I will start off by configuring squid, this will get us a fully functional proxy server. Next, dansguardian this will sit on top of squid and allow for content filtering. Then we will configure iptables to redirect all requests by the users to dansguardian.

This has the plus point that, for instance, if you have a staff group and a pupils group that all staff can be redirected to the proxy and all pupils can be redirected to dansguardian.

Squid

  • To configure squid fireup you favorite editor: 

sudo gedit /etc/squid/squid.conf
  • Here I've used gedit but you can substitute this for whatever editor you prefer. 1) Find the line beginning "http_port" and change it to read "http_port XXXX transparent" where XXXX is the port number you would like squid to listen on.

This is needed as later on we will be playing around with iptables so the users will automagically use filtering. Without it squid will display any request as text rather than actually fetching it.

  • 2) Next find the section "visible_hostname" and add "visible_hostname edubuntu" to the bottom of that section on a line of its own. (substitute edubuntu for the hostname of the server you are configuring). 3) Save the file and close.
  • Now start squid: 

sudo /etc/init.d/squid start
  • Check squid is running: 

ps aux | grep squid
  • Your looking for two entries like this: 

root      5469  0.0  0.0   4780   652 ?        Ss   Oct10   0:00 /usr/sbin/squid -D -sYC
proxy     5471  0.0  0.2   7644  5348 ?        S    Oct10   0:00 (squid) -D -sYC

Dansguardian

  • Now lets configure and start dansguardian 

sudo gedit /etc/dansguardian/dansguardian.conf
  • Near the top of the file remove the line beginning with "UNCONFIGURED ". Save and exit the file.
  • Now start Dansguardian: 

sudo /etc/init.d/dansguardian start
  • Again check its running correctly: 

ps aux | grep dansguardian
  • You should see lots of /usr/sbin/dansguardian entries.

Now the fun part

iptables -t nat -A PREROUTING -p tcp --match owner --gid-owner guest -j REDIRECT --redirect-ports 8080

EdubuntuProxy (last edited 2009-08-03 04:47:35 by sub-223ip196)