How to Pfsense + external squid transparent proxy + dansguardian

This tutorial walks through setting up pfSense with an external Squid transparent proxy and DansGuardian. It is based on my main website, http://nixtoforge.com.

In this guide I use the newest version of pfSense, with Squid and DansGuardian running on CentOS 5.x. The same configuration applies on Ubuntu.

Squid proxy ip : 10.0.10.3 port 3128

Dansguardian : port 8081

+ First we will set up pfSense:

le0 = external interface with ip 192.168.29.1

le1 = internal interface with ip 192.168.10.201

See http://doc.pfsense.org/index.php/Tutorials for how to install pfSense. It is quite easy, so I will not show it here.

+ Second, we install Squid + DansGuardian on CentOS:

yum install squid dansguardian

Squid config file

After installing, we change a few things in the squid.conf file (/etc/squid/squid.conf):

http_port 10.0.10.3:3128 transparent
visible_hostname SQUID
cache_mem 512 MB
cache_dir ufs /srv/squid/cache 10000 16 256
access_log /srv/squid/logs/access.log squid
cache_log /srv/squid/logs/cache.log
cache_store_log /srv/squid/logs/store.log
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

acl MyNetwork1 src 192.168.29.0/255.255.255.0
http_access allow  MyNetwork1
always_direct allow all
icp_access allow all
http_access deny all
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
coredump_dir /var/spool/squid
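
The config above defines Safe_ports, SSL_ports and CONNECT, but no http_access rule refers to them, so they restrict nothing. As an added example (not part of the original post), this script lists ACLs that are defined but never used and flags ICP left open to every source; sample_conf and audit_squid_conf are names made up here, and the sample is a constructed subset of the config above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a squid.conf for ACLs
# that are defined but never enforced, and for ICP open to every source.

# Constructed sample: access-control lines taken from the config above.
sample_conf() {
cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 443       # https
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
acl MyNetwork1 src 192.168.29.0/255.255.255.0
http_access allow  MyNetwork1
always_direct allow all
icp_access allow all
http_access deny all
EOF
}

# audit_squid_conf [FILE]: reads FILE, or stdin when no file is given.
audit_squid_conf() {
    awk '
    { sub(/#.*/, "") }                       # drop trailing comments
    $1 == "acl" { defined[$2] = 1; next }    # remember every ACL name
    $1 ~ /_access$/ || $1 == "always_direct" {
        for (i = 3; i <= NF; i++) {          # names after allow/deny
            name = $i
            sub(/^!/, "", name)              # a negated ACL still counts as used
            used[name] = 1
        }
        if ($1 == "icp_access" && $2 == "allow" && $3 == "all" && NF == 3)
            print "OPEN icp_access allow all"
    }
    END {
        for (n in defined)
            if (!(n in used)) print "UNUSED " n
    }' "${1:--}" | LC_ALL=C sort
}

sample_conf | audit_squid_conf
```

Restoring the stock rules `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` ahead of the allow line clears the port-related findings.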

DansGuardian config file (/etc/dansguardian/dansguardian.conf):

I basically use the default DansGuardian config and only modify a few settings so that it connects to Squid.

Find these settings and replace them with the values below:

# the port that DansGuardian listens to.
filterport = 8081

# the ip of the proxy (default is the loopback – i.e. this server)
proxyip = 10.0.10.3

# the port DansGuardian connects to proxy on
proxyport = 3128

OK. Now we start Squid and DansGuardian:

/etc/init.d/squid restart ; /etc/init.d/dansguardian restart

Now we go back to pfSense and make some changes on that box.

- First we go to /etc/default/rc.conf
Find this:

natd_flags="";

and replace it with this:

natd_flags="-f /etc/natd.conf"

/etc/natd.conf should look like this:

interface re0
use_sockets yes
dynamic yes
redirect_port tcp 10.0.10.3:8081 80

This redirects all www (port 80) traffic to port 8081 on the box 10.0.10.3, which runs Squid and DansGuardian.
Done.
Source from Linux tips and tricks

35 Responses to How to Pfsense + external squid transparent proxy + dansguardian

  27. ikram says:

    Fantastic article. Thanks for sharing the knowledge. I have a question (and that's a problem too).

    I have seen a lot of places that people redirect all port 80 (www) traffic to squid box for allowing or denying it. Now the problem is that how to forward traffic on other ports to squid? e.g. https (443) and google talk (5222)

  28. sky says:

    I installed squid proxy on pfsense and it is not working. I visited the website “iplocator” and it is showing everything: my public ip, my computer ip. I don't know what's going on. Any help – please.

  29. Do we have provision to install a standalone pfSense on a CentOS operating system, or can it only be installed on a separate machine?
    Actually, I wanted to install all three on the same machine… possible?
