advanced proxy server

Post on 26-Mar-2015


1- We assign the IP address and DNS settings on the Squid machine

2- Then enter the gateway provided by the ISP

3- This is the IP address that we assign to the Squid proxy machine

4- Install Squid with YaST

5- After that we configure the file squid.conf

6- First we configure the port on which clients are allowed to use the proxy

7- After that we set the size of the memory cache in RAM

8- Then enable the on-disk cache at this path by deleting the # and adjusting the numbers to your needs

9- Now we create an access list like below

10- After that we apply a rule to the ACL that was created

11- Then restart the Squid service

12- And use the command below to update the cache

13- A client that uses Squid can ping only the interface it is connected to

14- After that we need to configure, in the client's web browser, the Squid port that clients are allowed to use

15- Then the client can access the Internet through the proxy

16- Now, to deny a client access to the Internet, we need to apply a rule to the ACL like below

17- After that restart the Squid service again; when the client accesses the Internet it shows this

18- Now, to block our clients from using http://www.yahoo.com, we need to create a rule like this in the access list

19- After that we apply a rule to the ACL that was created, to block the Yahoo website for clients

20- Now when we access yahoo.com it shows this

21- Now, to block clients from downloading .exe files through the proxy, we need to create an access list and then apply a rule to it, like below

22- Now the client downloads a file ( .exe ) from the Internet like below

23- After clicking on the .exe file download, the web page shows this
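Steps 6 to 21 as one squid.conf fragment, added here as an example and not the configuration from the original slides. The ACL names, the 10.1.1.0/24 client range, the port and the cache sizes are assumptions.

```conf
# Constructed example; names, addresses and sizes are assumptions.

# Step 6: port that clients enter in their browser proxy settings
http_port 3128

# Step 7: RAM used for in-memory objects
cache_mem 64 MB

# Step 8: on-disk cache: type, path, size in MB, first- and second-level
# directory counts
cache_dir ufs /var/cache/squid 1000 16 256

# Step 9: access lists
acl lan src 10.1.1.0/24
acl blocked_sites dstdomain .yahoo.com
# Anchored on the end of the path with an optional query string, so that
# /setup.exe?id=1 is caught as well as /setup.exe
acl exe_download urlpath_regex -i \.exe(\?.*)?$

# Steps 10 and 16-21: http_access lines are checked top-down and the first
# match decides, so the deny rules must sit above the allow for the LAN.
http_access deny blocked_sites
http_access deny exe_download
http_access allow lan
# Anything not matched above (other networks) is refused.
# The "all" ACL comes from the stock squid.conf (built in since Squid 3).
http_access deny all
```

Neither deny rule sees inside HTTPS: a CONNECT request exposes only the host name and port, so dstdomain still matches but urlpath_regex does not. `squid -k parse` checks the file for syntax errors before the restart in step 11.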

24- Installing SquidGuard requires the dependencies shown below

25- Then install the dependencies with YaST like below

26- Then we install SquidGuard again and it succeeds like below

27- And we disable this security line in Squid so that the rule takes effect for clients

28- Then we run vi /etc/squidguard.conf and write content like below

29- Then we change the owner of the directory, like below, to user squid

30- Then we edit the file squid.conf and write a line like below to let Squid use SquidGuard

31- Then we use the command squidGuard -C all to create the database files (.db)

32- It then creates the *.db files automatically like below; change their owner to squid as shown below

33- Now we take this website from the blacklist and access it from the client web browser

34- Accessing a website from the blacklist redirects automatically to timetables.cist.lan like below

35- Now we extract the shallalist file to the path below

36- After extracting, we see all the files, grouped by type, in folder BL

37- Then we add a line to the file SquidGuard.conf like below

38- Then we use the command squidGuard -C all to create the files domains.db & urls.db

39- Now we change the owner of the .db files to user squid with chown

40- Then Google Take cannot log in, like below
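A squidGuard.conf covering steps 28 to 38, as an added example rather than the file from the slides. The dbhome and logdir paths are assumptions and CATEGORY is a placeholder for a directory in the extracted BL folder; the redirect target is the host named in step 34.

```conf
# Constructed example; paths are assumptions.
dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard

# One destination group per list. Paths are relative to dbhome;
# replace CATEGORY with a directory from the extracted BL folder (step 36).
dest blocked {
    domainlist BL/CATEGORY/domains
    urllist    BL/CATEGORY/urls
}

acl {
    default {
        # Pass everything except the blocked group ...
        pass !blocked all
        # ... and send blocked requests to the local page from step 34.
        redirect http://timetables.cist.lan/
    }
}
```

If the squid user cannot read the compiled .db files (the reason for the chown in steps 29, 32 and 39), squidGuard logs that it is going into emergency mode and passes every request unfiltered. Check the log under logdir after each squidGuard -C all.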

41- To set the download speed allowed for a client IP address through our Squid proxy, add the lines below to the file squid.conf

42- Then when we download, we can see the speed in DU Meter or in the progress of a file download from a website that links to the package

delay_pools 1
delay_class 1 1
delay_parameters 1 1024/2048
delay_access 1 allow LAN_10_2

Authenticating users from Active Directory

1- The local DNS must work properly for name resolution, like below

2- Set the gateway of the local DNS to the IP address of the proxy server interface that is connected to the local DNS

echo 1 > /proc/sys/net/ipv4/ip_forward
0- iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
1- Join the domain from the proxy
2- List users: wbinfo -u , wbinfo -g
3-
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm savy.happy.net
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
4- Create ACLs ( acl clients src 10.1.1.2 , acl auth proxy_auth REQUIRED )
5- http_access allow clients auth
6- The local DNS must forward to the public DNS by name & IP address
7- The gateway of the local DNS is the proxy IP that is connected with the DNS

3- Then under Forwarders we add the name of the public DNS and then the IP address of the public DNS

4- Then edit the file /etc/resolv.conf and put the name and IP address of the local DNS like this, not the public DNS

5- And on the proxy server, with YaST, we enter the name and IP address of our local DNS

6- Use an iptables script to allow the local DNS to use the public DNS, and the echo command to allow the different LANs to ping each other

7- In YaST: Network Services -> Windows Domain Membership -> enter the domain name of the DNS that we want to join -> OK

8- The domain join must then succeed, and the packages can be installed to completion during the join

9- Then we can list users & groups in AD with the command below

10- And in the file /etc/squid/squid.conf at line 297 we add all these lines

11- And in squid.conf we create ACLs like this, with the ACL & auth

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm savy.happy.com
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

12- Then we apply the rule to the ACL that was created, in http_access

13- After that, when the client opens a web browser and connects to the Internet through the proxy server, it must authenticate with a user name & password like below; the user is from AD. After entering the user name and password the client can access the Internet

14- After entering the user name & password the client can access the Internet like below, authenticated with the user name & password of a user from Active Directory
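The helper line on the page uses the Basic scheme, where the browser sends the AD password to the proxy base64-encoded on every request. The fragment below is an added example, not from the slides, that offers NTLM challenge-response first and keeps Basic as a fallback; the helper path, realm and client address are the page's, while the NTLM lines and the final deny all are assumptions about the rest of the file.

```conf
# Constructed example built on the page's values.

# Offered first: challenge-response, the password itself never crosses the wire.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# Fallback from the page: the password is only base64-encoded between
# browser and proxy, readable by anything that can capture that traffic.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm savy.happy.com
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl clients src 10.1.1.2
acl auth proxy_auth REQUIRED

# ACLs on one http_access line are ANDed and tested left to right: the
# source address is checked first, and only matching clients are
# challenged for credentials.
http_access allow clients auth
http_access deny all
```

With both schemes configured, Squid advertises them in the order listed and the browser picks one it supports.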

Install and configure mysar

1- Install the mysql & apache2 services with YaST

2- Now we extract mysar to the /srv/www/htdocs directory with the command below

3- Then we open the web page from the client web browser at http://10.1.1.1/mysar/www; we specify the path like this because this is a new install, so we must specify the path where the install files are on the machine -> click Continue for the installation process

4- After that the client web browser shows this; we click on new install

5- Then we enter the database name, the user with full control on the SuSE machine, and the user name that controls only the mysar database. I did not enter a password for user root because I had not assigned one with mysqladmin -> Submit Query

6- After that the web page shows this

7- Then we must create a file config.ini at the path /srv/www/htdocs/mysar/etc/config.ini and put in it the information shown on this web page

8- Edit the file config.ini, write this information into the file, then save it

9- After completing the information, click on Click here to try again; the web page shows this -> click here to continue

10- Then the web page shows a message to delete the install directory under the path /srv/www/htdocs/mysar/www/, and we delete the install folder

11- After the alert message on the web page we delete the folder at this path -> Start using mysar ! on the web page

12- After deleting the install folder the web page shows this

13- Then we use this command to load the access log into the mysar database so that it shows on the web page

14- To run this command automatically, use crontab -e and write this schedule ( 6 * * * * ), which means that every hour at minute 6 it generates the report to show in mysar

15- After the report is generated, the mysar web page shows all client IP addresses and users that accessed the Internet, and the speed users get through the proxy

Sarg installation

1- These are the dependencies required when installing the sarg package on SLES 11

2- Then we install sarg like below

3- After that we go to the path /etc/squid/sarg

4- Edit the file sarg.conf; at line 143 we must change the path to /srv/www/htdocs/sarg like below

5- Commands:
- sarg-reports daily: generates the report of users' Internet access every day to show on the sarg web page
- sarg: creates the sarg directory under the path /srv/www/htdocs/

6- Then we open the web page at http://10.1.1.1/sarg and it shows this

7- Then we can select one user shown in sarg to see the details of that user's Internet access like below

Transparent proxy automatically client
