Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

If you want to support my work, please consider a small donation:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
slackware:proxy [2006/06/08 14:40]
alien
slackware:proxy [2006/06/16 22:47] (current)
alien Removed FIXME for link to parental control article.
Line 17: Line 17:
 <note>Tinyproxy and Squid are licenced under the GPL. Dansguardian is licenced under the GPL, with the addition that it is free for non-commercial use.</note> <note>Tinyproxy and Squid are licenced under the GPL. Dansguardian is licenced under the GPL, with the addition that it is free for non-commercial use.</note>
  
-<note tip>This article focuses on the configuration of a transparent proxy on a gateway/router for **small networks**. Another scenario is that of the **family computer** with a single network interface, running Linux, where you want to restrict the children in their Internet browsing while still being able to have unrestricted Internet access for your own account (assuming //you// are the parent) or as the root user.\\ I have a FIXME [[:slackware:parentalcontrol|Wiki page]] that points out the different steps you need to take compared to this very page here.</note>+<note tip>This article focuses on the configuration of a transparent proxy on a gateway/router for **small networks**. Another scenario is that of the **family computer** with a single network interface, running Linux, where you want to restrict the children in their Internet browsing while still being able to have unrestricted Internet access for your own account (assuming //you// are the parent) or as the root user.\\ I have a [[:slackware:parentalcontrol|Wiki page]] that points out the different steps you need to take compared to this very page here.</note> 
 + 
 +<note warning>When using this proxy/contentfilter, it will not be possible for the content filter to examine //HTTPS// requests. This is of course due to the nature of the encryption used - if it //were// possible for the content filter to examine the content of secure HTTPS connections, then this would pose a serious threat to all secure communication on the Internet. This would be called the "man in the middle attack".\\ The tinyproxy by itself can proxy the HTTPS traffic because //it// does not need to inspect the content of the HTTPS traffic, it just passes the received data on to the client browser. This is the reason why in the rest of the article, there will be a few examples of redirecting HTTPS traffic (tcp port 443); it is only for the benefit of people who use this article to just setup a proxy without filtering.</note>
  
 ===== How it works ===== ===== How it works =====
Line 124: Line 126:
 make install make install
 </code> I have a SlackBuild and a Slackware package for dansguardian in [[http://www.slackware.com/~alien/slackbuilds/dansguardian/|my repository]] which you can use as well. The advantage being that I added a start script and a logrotate script to the package. If you want those without building from my SlackBuild script, I added them in the [[#example_configuration_files|last section]].\\  </code> I have a SlackBuild and a Slackware package for dansguardian in [[http://www.slackware.com/~alien/slackbuilds/dansguardian/|my repository]] which you can use as well. The advantage being that I added a start script and a logrotate script to the package. If you want those without building from my SlackBuild script, I added them in the [[#example_configuration_files|last section]].\\ 
-I configured dansguardian to run as user //nobody// - because that is an existing account without provileges, and Apache uses it too. If you want another account change the ''./configure'' step, and create the account you want it to use in case the account does not yet exist. We will configure tinyproxy to run as user //nobody// as well, but in that case, we don't have to define that at compile-time. Tinyproxy has the effective user as a parameter in it's configuration file (see below).+I configured dansguardian to run as user //nobody// - because that is an existing account without provileges, and Apache uses it too. If you want another account change the ''./configure'' step, and create the account you want it to use in case the account does not yet exist. We will configure tinyproxy to run as user //nobody// as well, but in tinyproxy'case, we don't have to define that at compile-time. Tinyproxy has the effective user as a parameter in it's configuration file (see below).
  
  
Line 227: Line 229:
  
 ===== Starting the programs ===== ===== Starting the programs =====
 +
 +If you (built and) installed my Slackware package for dansguardian, the rc script is installed non-executable by default. In order to run dansguardian on boot (as shown below) you will have to make the script executable by running <code>
 +chmod +x /etc/rc.d/rc.dansguardian</code>
  
 If you configured your firewall rules in the file ''/etc/rc.d/rc.firewall'', then this script will be detected by Slackware and automatically started with the ''start'' parameter on boot. This happens in the the Slackware init script ''/etc/rc.d/rc.inet2'' to be precise, like this: <code> If you configured your firewall rules in the file ''/etc/rc.d/rc.firewall'', then this script will be detected by Slackware and automatically started with the ''start'' parameter on boot. This happens in the the Slackware init script ''/etc/rc.d/rc.inet2'' to be precise, like this: <code>

QR Code
QR Code Transparent Proxy with contentfilter (generated for current page)