software for my Proxy / Internet server

[r_balest]

Guys, I am a newbie here and a totally newbie in Linux World, so I need help with my new-built Proxy Server.

 

I used Windows XP for my previous proxy server and I used WinGate for my proxy filtering user, and to create mail-port dividing. What software should I use for Linux? (I use Mandriva 2006)

I tried Squid, but it couldn't run and it shows nothing but error (something about visible hostname, which i added on squid.conf), started the service, call the program, squid. nothing happened.

 

Another one that concern me is I used Symantec Corporate Edition on my Win XP server. That's a good software I think. I only need to update my virus definition on my server, and my clients automatically updated in a period of time. I also can manage user groups and schedule the weekly scan on my clients.

 

So, do you guys have recommendation(s) for softwares like mentioned above? If you do, please share it. Thanks.

[ianw1974]

I use squid, it's great. Easiest way to configure:

 

urpmi drakwizard

 

make sure you have set up all your easyurpmi sources using the link at the top of this page when using Mandriva 2006, since it's not on the CD. Then, once installed - System/Configuration/Configure Your Computer. You shall then find a wizard under Network Services to sort squid out. Chances are your basic config isn't correct, the wizard will sort it out nice and easy.

 

Your hostname is normally configured in /etc/sysconfig/network, so check to make sure it's correct in here, and also edit your /etc/hosts file to make sure it's correctly reflected in here too.

 

For anti-virus, clamav. The best:

 

urpmi clamav

 

once running, it should default to checking for updates every 2 hours, which is normal config for this. I think it's installed by default in Mandriva 2006, always has been on my systems.

 

Oh, and welcome to the board

[ddmcse]

i agree with ianw1974

i use squid also and think it's great

configuring squid through the control console is the easiest way to configure squid another option is to use "webmin" you'll find more granular control via webmin and i'd recommend using SARG also to generate reports of squid access by IP that can be viewed online

[r_balest]

Thanks ianw and ddmcse, I've started squid service, and I went to Configure my computer and under network tab, there's nothing related to Squid. I changed my visible_hostname to 127.0.0.1

how do I run squid? Everytime I type "squid" in my terminal, it said that squid's already running.

 

Thanks

Nice to meet you guys :)

[r_balest]

Guys.. I'm having troubles [again] about Squid. sorry.

I uninstalled the package originally from Mandriva (ver. 2.5 stable or something like that). I downloaded another version from internet (ver. 2.4 stable, tar.gz files) I installed it, the folder will be /usr/local/squid, right?

I've configured it using the one from Visolve.com, but nothing happened. It got worse, because when I typed "squid" in terminal, it said: "bash: squid: command not found"

I looked in my Configure my Computer -> Remove Software, there's no Squid listed...

Help...

Thanks

[michaelcole]

You installed the package with out using the package manager so the package manager does not know where it is to remove it.

 

Have you tried

 

service squid start

 

look in the etc/init.d directory for the actual service name..

 

dont know how to fix the problem you have really though..

 

Try these things first..

[ianw1974]

Honestly, using the drakwizard that I mentioned in my previous post would have done absolutely everything for you. But you do have to make sure your hostname is set correctly in /etc/sysconfig/network as well as in /etc/hosts as well.

 

Then there would be no need to install source, just use the wizard within Configure Your Computer to get it working. Unless of course you tried this, and it didn't work :P

[r_balest]

:)

Thanks.. I finally use webmin and there i got options to start Squid. I got it worked now, I guess...

Now, I want to ask a few questions afterall, may I? :P

I don't understand at all on Squid Proxy Server menu in Webmin. What I need from Squid is:

- I can filter user. So that not all user can browse Internet. I filtered them based on their IP on Gate keeper.

- I can manage my POP3 and SMTP ports. Because every mail client on my office is going through the Gateway (Gatekeeper, using Wingate), so I have to add ports for several ISP, eg: 111 for ISP-1, where I set the pop3 to pop3.aaa.com, port 113 for ISP-2, where I set the pop3 to pop.bbb.com

- I can set up a ban list for users. so, our users here can't browse to a porn-site (I banned them using string: "porn", or "sex" and etc)

 

Can i even set those up on Squid? I've tried to look everywhere on menus for 1-2 hours and I'm getting confused :) Please help if somebody know how to set up those. thanks

[ianw1974]

Yes, you could use squidGuard to ban it, although I've configured squid to block the sites without having to use squidGuard.

 

The main sections you need to worry about in squid are the access lists and then the http_access command in the config file to grant/deny access to the access list created. I find it easier to edit the file by hand, but webmin can do the job just as good too. The lists are always read top to bottom. So if you find a rule doesn't work, it might have to be higher up the list.

 

Remember, squid is just a http proxy, so you'll have difficulty trying to proxy pop3 or anything like that. It's purely for http access. FTP will only proxy if you use the browser to do it. If you attempt with an ftp client, it probably won't work.

 

Main sections are access lists for defining what you want to allow/block, and then using http_access to allow or deny. Check out the squid.conf file, and you'll see some already configured there, or you shall see within webmin too.

[michaelcole]

From what i understand in your posts.. First you want to control more than just HTTP access.

 

The way i do it is using A firewall, like shorewall..

 

Then you can set each IP address connection to your server to have certain access outside the company.

 

You can set information like from this ip and port direct to this ip and port.

 

Squid will not do all you want but it can be part of the solution.

 

you may like to look at this for ease of installation and use it looks good..

 

I have not tried it, I set up all my rules manually and have a very strict system. No one goes anywhere unless i add it to my rules..

 

http://www.howtoforge.com/perfect_linux_firewall_ipcop

 

Linux and the applications may really seem hard at first but you will find it will give you more freedom..

[r_balest]

@IanW: thanks.. so, I just have to add on the Access List and Http access is the flag to switch it on or off? But when I saw the access list, it's just a few lines of it. Can i add it? Oh. I see, I can add it on the .conf files instead of webmin?

Also, what should I do about the POP3 port? What should I use?

 

@michael: Is that a different software? I read it about IPCop. It seems un-understandable :) but I'm downloading the ISO, it's 41 MB... wow... is that easy to use? do you currently use it, michael?

[ianw1974]

Yes, you can add to the list. The order in the ACL's isn't important, so you can put it anywhere with all the others. The order is only important when using the http_access options.

 

You can add it directly in the squid.conf or using webmin whichever you happen to prefer. I prefer editing the file manually than doing any other way.

 

POP3 you'd have to use some other product for this, squid won't be able to do it. Squid is just a http proxy.

 

If you post what you're attempting to give access to or deny access to, I can help you with this. Then if you post the section of your squid.conf - just the ACL's and the http_access (this follows beneath the acl's), then I can help you in where to place it.