Comments on Squid Proxy Server On Ubuntu 9.04 Server With DansGuardian, ClamAV, And WPAD (Proxy Auto-Detection) [Updated 07-08-09]
Squid Proxy Server On Ubuntu 9.04 Server With DansGuardian, ClamAV, And WPAD (Proxy Auto-Detection)
This tutorial will demonstrate how to set up a Squid Proxy server on Ubuntu 9.04 with DansGuardian (for content filtering) and ClamAV (for virus scanning); in addition, we will set up Web Proxy AutoDetection (WPAD) through DHCP (in this case, either dhcp3 OR the Windows Server 2003 DHCP server) or DNS so that the only configuration necessary on the client side is to check "Auto-detect proxy settings for this network" in Firefox or Internet Explorer. At the end of the tutorial, users will have a fully functional and secure proxy for HTTP access. In addition, the final section will show users how to connect to this proxy server via SSH in order to have a protected browsing session while away from the home/office.
19 Comment(s)
Comments
I think it is odd that you threw Windows Server into the mix. The title of your article mentions Ubuntu Server. Would it not have made more sense to have an all Linux tutorial? How many Linux folks have an expensive Windows Server around? Since I do not, I'll have to stop reading at the 'dhcp' part. I am interested in everything else you mentioned, though. Also, it would be nice to know how to surf through a home proxy using ssh and take advantage of the security when I am away.
Rob
@rob: Thanks for the comments; I've edited the tutorial to provide an all-Linux option for users to follow. In addition, I've provided instructions at the end for connecting to the proxy remotely via SSH for protected surfing! If you need any more help, just post!
Great article! My question is this:
Can we show an intro page to the users in their browsers?
That would state there is a proxy server on the net, the name of our organization, all web access will be filtered and then "click here to continue". Would that require a script on port 80?
Jef
Adding this in the global part:
option wpad-url code 252 = text; ##(defines a new option)
and this in the scope:
option wpad-url "http://10.0.0.17/wpad.dat"; ##(applies new option)
resolved the errors.
Hello Sir,
I have done all this configuration in the DHCP server with the 252 code. But still the client cannot get the proxy setting. The DHCP service is running and the client got an IP, but they are not getting the proxy setting.
Please help me regarding this.....
Hello Sir,
I have done this setting but am having a problem: the client is not getting the proxy setting. The DHCP service is running and the client got an IP, but the net is not going through port 8080. I have set global for custom-proxy-server with the 252 code. But still not getting it.
Great Tutorial.
Actually, Rob, it's an all Linux tutorial. The Windows bit was just an alternative for setting dhcp.
Hi
This in fact is exactly what I need and, having an existing MS network, I appreciated the mix of info to suit. I have used a Linux server for a dev/test environment for a long time.
Thanks for sharing for those of us in a mixed environment (and new to having Linux in a prod environment - I am about to run an appliance just like you describe above on a virtual Linux server).
Cheers
Coglin - Cousin IT
Great article, it helped me get my first linux server/proxy setup. The Win2k3 DHCP portion was also exactly what I needed.
Thanks!
I am looking to set up this very sort of thing at my home. The part that is unclear is how the hardware is configured. Do you need two NICs? Does this box need to live between the router most folks have at home and the rest of the net? If you can describe this to me, I would be happy to draw up a diagram so that you can show this with the tutorial.
I was also curious how much hardware I would need to make this work. Would an older Pentium III with 512 MB do the job? I would imagine that you would not need any graphics for this so running at run level 3 should be fine.
Thanks
Dwain
Hello People,
I had a problem setting the custom-proxy-server in dhcp3-server in a Lenny Debian distribution; I had an error.
But I solved the problem with dnsmasq:
dhcp-option=252,http://192.168.1.1/local/wpad.dat
Thanks for the HOWTO...
Charlie
How to resolve it? I don't get it.
I have just finished the install as outlined in your howto but when I try to access the internet from another machine on the network this is what I get:
Unable to determine IP address from host name for www.whatismyip.org
The dnsserver returned:
Timeout
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Your cache administrator is webmaster.
option custom-proxy-server "http://x.x.x.x/wpad.dat";
When I restart, it says unknown option dhcp.custom-proxy-server
Hi! I had similar problem,
try this:
option custom-proxy-server code 252 = "http://x.x.x.x/wpad.dat";
In DHCP3 you need to define the option before you can use it:
option custom-proxy-server code 1 = proxy; // definition of option, number 1 is a option number in case you use more custom options
option custom-proxy-server "http://X.X.X.X/wpad.dat"; // option
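An added example, not part of the original comments or the tutorial: a small check for the failure discussed in this thread, where dhcpd rejects or misdelivers the WPAD option. It assumes ISC dhcpd.conf syntax and that WPAD clients request DHCP option 252 as a text value; the function name `lint_wpad` and the sample snippets (constructed from the lines quoted in the comments) are illustrative.

```python
import re

WPAD_CODE = 252  # DHCP option number that WPAD-aware clients request

# "option NAME code N = TYPE;" declares a site-defined option in dhcpd.conf.
DECL = re.compile(r'^[ \t]*option\s+([\w-]+)\s+code\s+(\d+)\s*=\s*([^;"]+?)\s*;', re.M)
# 'option NAME "value";' assigns a quoted value to an option.
USE = re.compile(r'^[ \t]*option\s+([\w-]+)\s+"([^"]*)"\s*;', re.M)

# Constructed samples mirroring the lines quoted in the comments (subnet is made up).
GOOD = '''option wpad-url code 252 = text;
subnet 10.0.0.0 netmask 255.255.255.0 {
  option wpad-url "http://10.0.0.17/wpad.dat";
}
'''
UNDECLARED = 'option custom-proxy-server "http://x.x.x.x/wpad.dat";\n'
WRONG_DEF = ('option custom-proxy-server code 1 = proxy;\n'
             'option custom-proxy-server "http://X.X.X.X/wpad.dat";\n')


def lint_wpad(conf):
    """Return a list of problems with WPAD option handling in dhcpd.conf text."""
    problems = []
    decls = {}  # option name -> (code, type, offset of the declaration)
    for m in DECL.finditer(conf):
        decls[m.group(1)] = (int(m.group(2)), m.group(3), m.start())
    wpad_uses = [m for m in USE.finditer(conf) if m.group(2).endswith("wpad.dat")]
    if not wpad_uses:
        problems.append("no option assigns a wpad.dat URL")
    for m in wpad_uses:
        name = m.group(1)
        if name not in decls:
            problems.append(f"{name}: used but never declared (dhcpd: unknown option)")
            continue
        code, typ, pos = decls[name]
        if pos > m.start():
            problems.append(f"{name}: declared after first use")
        if code != WPAD_CODE:
            problems.append(f"{name}: code {code}, clients ask for {WPAD_CODE}")
        if typ not in ("text", "string"):
            problems.append(f"{name}: type '{typ}', expected text")
    return problems
```

Run it over the real file with `lint_wpad(open("/etc/dhcp3/dhcpd.conf").read())`; the path is an assumption about where dhcp3-server keeps its configuration.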
Great Article! It will help me to deploy a similar box in prod. environment. Thanks
ufw default DENY
ufw ALLOW 22
ufw ALLOW 8080
ufw DENY 3128
ufw enable
No need to try to hide ports or anything, just makes it more confusing to admin.
Hi, I have a very important question. In this tutorial, you explain everything and it all seems to work. The problem is: what's the whole point of this if a client can simply change the gateway to 192.168.1.254? By setting that gateway, he will skip and bypass the whole DansGuardian + Squid rules.
How can one be sure a client cannot access the 192.168.1.254 gateway?