102039 Tux's lil' helper
Joined: 16 Mar 2005 Posts: 125
Posted: Mon Feb 20, 2006 3:02 pm Post subject: Proxy/Gateway

Hello,
In our company (approx. 120 Windows clients) we want to replace our Kerio Winroute Firewall gateway/proxy-server with something Linux(/Gentoo) based. It is important that the solution has a proxy included because we only have a DSL connection to provide internet to our 120 Windows clients.
I just have no idea for a concept yet. Which software to use (squid?) and how to implement it. So maybe anyone can suggest guides for a setup?

radulucian Apprentice
Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
Posted: Mon Feb 20, 2006 3:22 pm

I guess that solution is so default that nobody bothered to answer yet.
Here is what I suggest: use the default Gentoo installation guide, add squid, then eventually add some filtering and content manager layers (search forums for options).
Also, you might want to consider a nice firewall that supports routing (just in case) and I would suggest shorewall for this.
Best way to see what is the best solution is to install it and start testing it. You will get caught in it really fast and you will get to your dream proxy in no time.
If you need more specific info just say precisely what you need.

102039 Tux's lil' helper
Joined: 16 Mar 2005 Posts: 125
Posted: Tue Feb 21, 2006 8:58 am

Is there already a software available which integrates a squid proxy in a complete firewall/gateway/proxy solution?

think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Tue Feb 21, 2006 1:24 pm

Wurstteppich wrote:
> Is there already a software available which integrates a squid proxy in a complete firewall/gateway/proxy solution?

Please specify precisely what you mean/need, otherwise the most obvious answer would be 'brain + emerge'.
All you most probably need would be squid+iptables as a first start (plus configuration for both of course).
Additionally you could check out e.g. squidGuard, dansguardian, some GUI for iptables like fwbuilder or shorewall, calamaris to have some statistics out of squid etc.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

102039 Tux's lil' helper
Joined: 16 Mar 2005 Posts: 125
Posted: Mon Feb 27, 2006 12:34 pm

Think4UrS11 wrote:
> Wurstteppich wrote:
> > Is there already a software available which integrates a squid proxy in a complete firewall/gateway/proxy solution?
>
> Please specify precisely what you mean/need, otherwise the most obvious answer would be 'brain + emerge'.
> All you most probably need would be squid+iptables as a first start (plus configuration for both of course).
> Additionally you could check out e.g. squidGuard, dansguardian, some GUI for iptables like fwbuilder or shorewall, calamaris to have some statistics out of squid etc.

Ok, I will try. I basically need the functions of Kerio Winroute Firewall, except for the VOIP and VPN functionality. It is important that firewall rules and maybe also the proxy can be configured with a GUI, since we have 3 (including me) Linux users/admins here, but the other two admins are only aware of Windows server environments, so if they need to adjust rules they won't be able to do that by using a Linux console.
Like I already mentioned, we used Kerio Winroute Firewall (or AVM Ken when the company was a little bit smaller) as an internet proxy/gateway.
Please let me know if you need more information and thanks for the answers!

lesourbe l33t
Joined: 24 Nov 2005 Posts: 710 Location: Champagne !
Posted: Mon Feb 27, 2006 2:17 pm

Did you take a look at the IPCOP distro?
It may simply do what you need, though it's not Gentoo.
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Mon Feb 27, 2006 8:55 pm

Wurstteppich wrote:
> I basically need the functions of Kerio Winroute Firewall, except for the VOIP and VPN functionality.

OK, so I'll try to translate between Kerio's homepage 'main features' and Linux, just some keywords for your detailed search though.

Deep inspection firewall
- iptables with fwbuilder as frontend for administration (there's a Windows client GUI available)

Antivirus gateway protection
- done with clamav
  - for web content: squid with redirector to clamav
  - for mail content: maybe plain fetchmail and/or setting up a dedicated mail server on the box

Surf protection
- Dansguardian
- not sure whether or not any kind of GUI is available for that. Should not really be needed after setup is done though
- updating the content categories can be scheduled via cron from existing community-driven databases/lists

Content filtering
- combination of squid+dansguardian+iptables
- squid configuration done via webmin and its squid module

User-specific access management
- squid with acls so that your users need to authenticate with userid/password
- acl config as above with webmin
- maybe with ldap backend

Administration, alerts and statistics
- calamaris for squid (web surfing) statistics, snmp/mrtg for more general traffic statistics
- ssmtp or dedicated mailserver for alerting

HTH
T.
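
An added example, not part of the thread and not any poster's code: for the "squid with acls so that your users need to authenticate with userid/password" item above, this Python script parses a squid.conf and flags every `http_access allow` rule that does not require a `proxy_auth` ACL, and checks that the rule list ends in an explicit deny. The subnet, file paths and ACL names (`lan`, `users`) are assumptions, and both configs are constructed samples.

```python
# Added example: audit squid.conf so every "http_access allow" needs a login.
# Both configs are constructed samples; subnet, paths and ACL names are assumptions.
GOOD_CONF = """\
# helper path differs between distributions and squid versions
auth_param basic program /usr/libexec/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Company proxy
acl lan src 192.168.0.0/24
acl users proxy_auth REQUIRED
http_access allow lan users
http_access deny all
"""
# Weak variant: any host on the LAN may use the proxy without a userid/password.
WEAK_CONF = GOOD_CONF.replace("http_access allow lan users", "http_access allow lan")

AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}

def parse(conf):
    """Return ({acl name: acl type}, [(action, [acl names])]) in file order."""
    acl_types, rules = {}, []
    for raw in conf.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        tok = raw.split()
        if len(tok) >= 3 and tok[0] == "acl":
            acl_types[tok[1]] = tok[2]
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acl_types, rules

def audit(conf):
    """List findings; an empty list means every allow rule demands authentication."""
    acl_types, rules = parse(conf)
    findings = []
    for n, (action, names) in enumerate(rules, 1):
        # A negated ACL ("!users") matches clients that are NOT logged in.
        needs_login = any(acl_types.get(x) in AUTH_ACL_TYPES
                          for x in names if not x.startswith("!"))
        if action == "allow" and not needs_login:
            findings.append(f"rule {n}: allow without login ({' '.join(names)})")
    # With no matching rule squid applies the opposite of the last one,
    # so the list should end in an explicit catch-all deny.
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("http_access list does not end with 'deny all'")
    return findings

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(name, audit(conf) or "ok")
```

Squid evaluates `http_access` lines top to bottom and stops at the first match, so an unauthenticated `allow` placed above the authenticated one defeats the login requirement even when both are present.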

alterself.com Apprentice
Joined: 13 Nov 2003 Posts: 175 Location: Iowa