I have a theory to block torrent or any other unwanted thing. Don't block it, monitor!
The best way to block p2p is to find out who is the guy eating the bandwidth.
You can find a way to authenticate all users. If you're working for a company who cares about this, you can try to persuade them to create a policy with a badass warning saying the person is risking his job by doing this.
Location: Fiji Islands but currently working in Papua New Guinea (PNG)
Distribution: ubuntu
Posts: 36
Original Poster
That I totally agree with. But the thing is, I realised it doesn't show up on squid reports. It shows I went to utorrent.com but it doesn't show the downloads. Is there a way for it to appear on the sarg reports? I did a test and it seems it is invisible or something...
I need to get this guy coz he is making me look like a clown in front of my boss...Damn users..!!!
Quote:
Originally Posted by suid0
I have a theory to block torrent or any other unwanted thing. Don't block it, monitor!
The best way to block p2p is to find out who is the guy eating the bandwidth.
You can find a way to authenticate all users. If you're working for a company who cares about this, you can try to persuade them to create a policy with a badass warning saying the person is risking his job by doing this.
Another issue could be with your router not intercepting all the packets. Are you masquerading the outgoing packets? If this is what you are doing, then make sure you are also redirecting all the port 80 connections to squid port. If you do not pay attention to what you are doing, this could result in you knowing nothing about your internet usage.
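The redirect-and-masquerade setup described in the post above, written out as an added example that is not part of any post in this thread. It assumes the squid box is also the LAN's default gateway; the interface names, LAN range, Squid port and the `LAN-DENY: ` log prefix are all assumed values.

```shell
#!/bin/sh
# Added example: gateway rules for a box that runs Squid and routes for the LAN.
# Assumed values (not from the thread): interfaces, LAN range, Squid port.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3129}"   # a Squid http_port set up for interception

apply_gateway_rules() {
    # Default-deny anything the LAN tries to route straight through this box.
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -t nat -F PREROUTING
    iptables -t nat -F POSTROUTING

    # Replies belonging to connections that were allowed below.
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Port 80 from the LAN is never forwarded: it is redirected into Squid,
    # so it appears in access.log and therefore in the sarg reports.
    iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # Approved exceptions go here, one rule per documented request (DNS shown).
    iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p udp --dport 53 -j ACCEPT

    # Everything else from the LAN, P2P included, is logged and then dropped
    # by the chain policy. The limit stops one busy client flooding syslog.
    iptables -A FORWARD -i "$LAN_IF" -m limit --limit 30/min --limit-burst 60 \
        -j LOG --log-prefix "LAN-DENY: "

    # Masquerading: permitted outbound packets leave with the gateway's own
    # WAN address as their source, so replies can find their way back.
    iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Run as root on the gateway:  sh gateway-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_gateway_rules
fi
```

Traffic that Squid itself sends out uses the OUTPUT chain, so the FORWARD policy does not affect the proxy.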
Location: Fiji Islands but currently working in Papua New Guinea (PNG)
Distribution: ubuntu
Posts: 36
Original Poster
Thanks for the advice. I have squid and sarg. Is there a separate package for a firewall, coz I didn't install anything else apart from the defaults? What firewall do I use?
ACL: well, all I have is one ACL for my local network, and that has Windows authentication enabled on it. Is there any particular format or line I have to put in?
Thanks
cheers
P.S Still a noob in novice shoes..(:-
Quote:
Originally Posted by suid0
Not showing up on squid logs? hmm.. 2 possibilities I guess. problem with an ACL that needs to be reviewed or a problem with your firewall...
Maybe you will have a couple hours of fun reviewing your rules to find what this smart guy found.
Location: Fiji Islands but currently working in Papua New Guinea (PNG)
Distribution: ubuntu
Posts: 36
Original Poster
Hi
Masquerading... sorry, foot in mouth, but what is masquerading?
All browsers are directed to squid and I added a rule on the router not to allow traffic from any other IP apart from the squid box.
So now I know all traffic is through the box coz the router drops packets from other IP addresses. Now I need to do filters but torrents seem to be hard to catch.
Thanks for the insight, as I am understanding things a bit more now.
Cheers
Quote:
Originally Posted by linuxlover.chaitanya
Another issue could be with your router not intercepting all the packets. Are you masquerading the outgoing packets? If this is what you are doing, then make sure you are also redirecting all the port 80 connections to squid port. If you do not pay attention to what you are doing, this could result in you knowing nothing about your internet usage.
Wow, this could explain everything. As far as I remember, default rules for squid allow any outgoing traffic. I would recommend searching for some howtos regarding squid and also iptables.
I could spend hours telling you how to build your proxy but it would be much better if you RTFM a little.
If you already have authentication, that is a good start, because with some tuning your squid will be able to show you who the bad guys are.
About the firewall, I don't know if you're responsible for it or not, but if you are, I strongly recommend you start reading a lot. iptables is the command to manage the firewall on Linux.
Maybe you can find a good howto appropriate to your needs. If you need help on setting up rules, you may need to share some info about your internal network like: default gateway, netmask, proxy ip, firewall ip.
Location: Fiji Islands but currently working in Papua New Guinea (PNG)
Distribution: ubuntu
Posts: 36
Original Poster
I know I look like a dumb idiot but thanks for that. I remember reading about iptables before and not knowing what the hell they were. I think I will put a firewall in place so that everything out and in of the proxy is recorded and legit. You said firewall IP... Can the firewall be installed on the squid box? Can it have the same IP or will it have a different IP but reside in the same physical box? Thanks for the info. I understand learning and finding out myself is the best solution, but as long as you guys point me in the right direction, I don't mind the research. Thank you
Cheers
Quote:
Originally Posted by suid0
Wow, this could explain everything. As far as I remember, default rules for squid allow any outgoing traffic. I would recommend searching for some howtos regarding squid and also iptables.
I could spend hours telling you how to build your proxy but it would be much better if you RTFM a little.
If you already have authentication, that is a good start, because with some tuning your squid will be able to show you who the bad guys are.
About the firewall, I don't know if you're responsible for it or not, but if you are, I strongly recommend you start reading a lot. iptables is the command to manage the firewall on Linux.
Maybe you can find a good howto appropriate to your needs. If you need help on setting up rules, you may need to share some info about your internal network like: default gateway, netmask, proxy ip, firewall ip.
Yes, you can install a firewall application on the squid box, but that should not be necessary. iptables is a default package in a Linux distribution and you can use it for firewalling your network and also for other NATing and masquerading purposes. You need nothing more for a basic setup.
And if you are looking to intercept all the data on your network, read up on how to configure your squid in transparent mode. That will help you more.
1. Set policies on squid to monitor and block people (together with sarg and any other thing you'd like to).
2. Set a 2nd box as a firewall and disable everything that comes from regular users.
3. Every time someone screams, you analyze each case and ask them to make an official request to open a specific port. You must find a way to document each squid and firewall rule.
Why this second box? Because I still believe a firewall is a firewall and not a multi-purpose machine. You can use an old PC as your firewall... Also, what I do for a box running a firewall is a minimal installation with only enough packages to make this firewall work.
To make your manager happy, now you have a controlled environment and you can now show graphs with before and after statistics. They love this shit.
I do agree on having a separate firewall machine. But if the traffic is limited it seems he would be wasting the hardware resources and money. I have got a similar setup running squid, dans and iptables without performance lag. The system also runs ntop as well. It would also depend on how well the OP can maintain the server. My server running squid and firewall is not even a server hardware machine but a Dell desktop workstation machine. But our traffic is low and no more than 40 users are online at any given time. So that also makes a difference.
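For the "analyze each case" step and the question of who is generating traffic that never reaches the squid reports, here is an added example (not part of any post in this thread) that summarises firewall LOG lines per LAN host. It assumes the firewall logs refused packets with the iptables LOG target and a `LAN-DENY: ` prefix, which is an assumed name; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG lines per LAN host.
# "LAN-DENY: " is an assumed --log-prefix, not something from the thread.

# denied_by_host: reads syslog lines on stdin and prints
# "src packets distinct_peers distinct_ports", most peers first.
# One host talking to many peers on many ports is the usual P2P pattern.
denied_by_host() {
    awk '
    /LAN-DENY: / {
        src = dst = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "") next
        pkts[src]++
        if (!((src, dst) in seen_peer)) { seen_peer[src, dst] = 1; peers[src]++ }
        if (dpt != "" && !((src, dpt) in seen_port)) { seen_port[src, dpt] = 1; ports[src]++ }
    }
    END {
        for (s in pkts) printf "%s %d %d %d\n", s, pkts[s], peers[s], ports[s]
    }' | sort -k3,3nr -k2,2nr
}

# Constructed sample input in the kernel's LOG format (shortened fields).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51413 DPT=6881 SYN
Mar  3 10:15:01 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 LEN=60 PROTO=TCP SPT=51414 DPT=51820 SYN
Mar  3 10:15:02 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.4 LEN=95 PROTO=UDP SPT=51413 DPT=6969
Mar  3 10:15:02 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 10:15:03 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51415 DPT=42000 SYN
Mar  3 10:15:04 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51413 DPT=6881 SYN
Mar  3 10:15:05 gw kernel: LAN-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
EOF
}

sample_log | denied_by_host
```

On a live gateway, feed it the kernel log instead of the sample, for example `denied_by_host < /var/log/kern.log`, and match the listed addresses against the DHCP leases or Squid's authenticated users.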