Linux web server with Squid Proxy



SgtM
08-31-2007, 01:33 PM
The Goal:

The kids are getting their own computer here at the new house. I only want them to access certain sites, so I need a proxy server.

Solution:
Build a Linux box running squid so I can restrict access. I've also decided to turn it into a home web server complete with phpBB (http://www.phpbb.com/).

What I've done so far:
Installed Fedora 7 (http://fedoraproject.org/) (LAMP (http://en.wikipedia.org/wiki/LAMP_(software_bundle)) setup) on an old Dell Dimension 1.3Ghz Celeron, 512 megs PC133 SDRAM, 20 Gig HDD. I've also installed VNC server (http://vnc.com), webmin (http://webmin.com), and phpBB (http://phpbb.com).

Squid (http://www.squid-cache.org/) actually came pre-installed, so now I just have to work on getting it configured. Configuration is done through access control lists using permit or deny statements. I'll be doing research on that tonight. I have a monitor, keyboard, mouse hooked up to it right now, but eventually, it'll be a headless system since I can either use ssh, webmin, or VNC to make changes.

I have to run some network drops, so I'll be sure to take pictures of that process for everyone. Also, here is your chance for requests. If there is anything you would like me to try out, let me know.

Here's 2 screenies of my home page, and forum. Notice, there really isn't any content right now.. that will change. The forum probably won't be used for anything other than just something to play around with.

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/intranet.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/forum.jpg

Luke122
08-31-2007, 07:14 PM
Cool plan with the proxy server. :) I had a friend who built a proxy using a Novell Netware server.. it had some wild caching abilities built in, which he was taking advantage of due to his dial up internet connection. (This was around 1997, and he lived waaaay out in the middle of nowhere) The proxy had the modem installed in it, and would dial on demand if any of the computers tried to access the internet.

Once anyone had visited a website, a full copy of it was stored in cache on the server, and then it would compare against the live site to see if there were changes/differences.. load times were phenomenal. (sp?)

+rep for being a concerned parent. :D

Luke122
08-31-2007, 07:16 PM
I should clarify that last post...

Once someone had visited a page/site, it would THEN be stored in cache for the next person to visit that page/site.

That makes more sense now, doesn't it? :D

SgtM
08-31-2007, 10:54 PM
oops.. Just noticed that I put squid FIREWALL in the title.. it should be squid PROXY.

SgtM
09-01-2007, 02:35 AM
Here's a cool squid config tutorial I found. I might be able to play around with this on Sunday (I'm off work) or Tuesday before work (I don't go in until 11 PM). Can't do anything with it tomorrow because I have to be at work 2 hours earlier than normal. It's definitely going to be fun though.

http://www.redhatmagazine.com/2007/06/19/using-access-control-lists-and-authentication-in-squid-part-ii/

SgtM
09-07-2007, 08:17 PM
I can't get the squid service to restart.. UGH!!! </frustration!> Anyway, I'm working every night until Wednesday, and then I'm off starting Thursday morning, and don't go back until Monday night. I'll check it out then.

Crazy Buddhist
09-08-2007, 01:01 PM
If you have another old machine laying around (a PII 400MHz is fine), you could install IPCOP on it and build firewall rules to moderate their web-browsing. You would then have the same level of security on your home network as many corporate networks into the bargain (yes, some large corporations use this free Linux distro as their F/wall ... it's that good).

Intranet looks sweet :) +rep for that and being a dad that cares

:)

.Maleficus.
09-08-2007, 04:01 PM
I can't get the squid service to restart.. UGH!!! </frustration!> Anyway, I'm working every night until Wednesday, and then I'm off starting Thursday morning, and don't go back until Monday night. I'll check it out then.
No! I was really looking forward to this! If it makes pages load faster I'm all for it!

Anyways, I'm sure you'll get it settled, and when you do, I'll be looking for the tut :).

SgtM
09-08-2007, 07:37 PM
No! I was really looking forward to this! If it makes pages load faster I'm all for it!

Anyways, I'm sure you'll get it settled, and when you do, I'll be looking for the tut :).

No worries man.. the project is still on, it's just gonna be a week before I have the time to look at and fix whatever squid might have a problem with. No big deal if I have to format and start over either.

SgtM
10-13-2007, 09:29 AM
Ok, so I lied. It's been over a month since I've been able to do anything. Got some squid configs done. Basically, what I'm doing is creating an access list of allowed sites only. Everything else will be denied. It's actually very easy to configure with webmin. Screenies:

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/acl.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/acl_sites.jpg
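
The allow-only-listed-sites setup described in the post above, modelled as an added example (not SgtM's actual configuration). The embedded squid.conf lines, the client address 10.0.0.21 and the .example domains are constructed, and the Python evaluator is a simplified model of how Squid walks its http_access rules.

```python
import ipaddress

# Constructed squid.conf fragment (assumed client IP and placeholder domains).
# "all" is predefined in current Squid releases; older ones declare it with an acl line.
SQUID_CONF = """\
acl kids_pc src 10.0.0.21/32
acl allowed_sites dstdomain .kids.example .school.example
http_access allow kids_pc allowed_sites
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client, host):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(client)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        for v in (v.lower() for v in values):
            # ".site" covers the domain and its subdomains; "site" is exact only
            if host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)):
                return True
        return False
    raise ValueError(f"acl type not modelled: {kind}")

def decide(conf, client, host):
    """Return 'allow' or 'deny' for one request; the first matching rule wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL named on one http_access line must match (logical AND)
        if all(acl_matches(acls, n, client, host) for n in names):
            return action
    # This model fails closed. Real Squid applies the opposite of the last
    # rule when nothing matches, so the explicit "deny all" should stay last.
    return "deny"
```

The list only takes effect for traffic that actually goes through the proxy, so the kids' machine must not have a direct route out past it.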

D1337
10-13-2007, 01:56 PM
Any progress is good progress, no matter how long it takes.

I have mixed feelings about this though, I understand what you're trying to keep your kids away from, but limiting them to so few websites, you might as well not even set it up.

After a few days/weeks they will be sick of the websites and probably give up on using the computer. Hell, they can google something like "sex" and read the website descriptions.

At the very least tell them what you're doing, update the list every week adding new entertaining but safe websites, and make sure to tell them that they can ask you to add any website but you'll have to review its content first.

calumc
10-13-2007, 02:01 PM
Presumably there must be a huge whitelist to be found somewhere on that thing they call the internet

D1337
10-13-2007, 02:18 PM
There probably is, but after googling several key words like "kid safe whitelist", "child friendly whitelist", etc., most of the results are about movements trying to make the internet safer, or companies trying to sell programs that block those websites, not lists.

calumc
10-13-2007, 05:35 PM
Ya, I know, I did a very quick google before posting that. But like I said, there must be one somewhere.

SgtM
10-13-2007, 06:46 PM
Any progress is good progress, no matter how long it takes.

I have mixed feelings about this though, I understand what you're trying to keep your kids away from, but limiting them to so few websites, you might as well not even set it up.

After a few days/weeks they will be sick of the websites and probably give up on using the computer. Hell, they can google something like "sex" and read the website descriptions.

At the very least tell them what you're doing, update the list every week adding new entertaining but safe websites, and make sure to tell them that they can ask you to add any website but you'll have to review its content first.

Meh.. the list is far from complete. I'll be removing google from the safe list. If the oldest needs to look up something for a school project, she can use mine. That way it's supervised. The sites that I will be adding are ones that they go to ALL the time without fail. They also know that if there is something new, they can always ask me to add it.

SgtM
10-28-2007, 11:36 PM
So, I started playing around with the server a little more last night, and happened to find out about Virtualmin. This nifty little tool is handy for those of you wanting to host your own web site, or even others' web sites. We start by accessing virtualmin from the servers page in webmin. Next, we're going to add a site. Click on the "Add new server owned by" button, and enter the appropriate info on the next screen. I found that there's an issue with the IP based virtual IP settings. You need to add more than 1 IP address to the NIC on the machine. Just uncheck it, and you can use the server address (in my case 10.0.0.10) and the username and password issued for that domain when you want to add files to it. NOTE: The domain I'm using isn't actually registered, I'm just taking this on a test drive.

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin1.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin2.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin2_2.jpg

Next we see some output text from the server while everything is configured for that domain.

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin3.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin4.jpg

After the domain is set up, you can click on it, and change/add settings.
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin2_1.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin5.jpg

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/virtualmin6.jpg

Now, here's where it gets really interesting. Setting things up for use with dyndns. From the virtualmin menu, select Dynamic IP Update.
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns1.jpg

Enter the info it needs, and you should be all set. NOTE: I'm only making an assumption here, because I don't actually have a domain to test this with. I can only assume that there must be some sort of dyndns client you need to run on the server. Maybe Mal will chime in on that one for us. I know it's working on his server.
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns2.jpg

So what's next in the tut? CAT5 wiring. Let me know if you have questions, suggestions, or would like to see me include something else.

.Maleficus.
10-29-2007, 06:01 PM
Cool man! It looks like that DynDNS setting could be very useful, especially for people like me running a website on a dynamic IP.

+rep for sure.


Edit: Or after I spread it around at least.

jdbnsn
10-30-2007, 06:15 PM
Holy crap man, this is so over my head! I am wanting to do this however at some point so when I do I will be following this bad boy line to line. Great job!

SgtM
10-30-2007, 08:01 PM
Check it out. I have everything online now. http://sgtm.homelinux.com <--- free sub domain provided by www.dyndns.com

I got it working by going to dynamic update:
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns1.jpg

Once there, I entered my info for dyndns.com

http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns2.jpg

After hitting save, I get a message that it's been enabled, and will update every 5 minutes.
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns3.jpg

Simple!

EDIT
Something is screwed up. It's not updating my WAN IP like it should. Instead it's updating the LAN IP of the server 10.0.0.10. I'll have to find a work around for this.

SgtM
11-01-2007, 09:27 AM
Ok guys, it's working now. Damn zoom x5 modems. I finally got it bridged, and put my linksys modem back in the loop. Here's what I did wrong on the server side. I told the server to update only the LAN IP address, when I really should have told it to update with the WAN IP address. To top that off, my zoom modem/router wouldn't forward the packets properly which is why I bridged it and put my linksys back in.


So NOW, feel free to go to http://sgtm.homelinux.com all you want. It's really lacking in content, but I'll fix that later. I also have a phpbb forum up just to play around with. I might change that to yabb. We'll see.
http://i47.photobucket.com/albums/f186/sgtm_usmc/home%20network/dyndns2_1jpg.jpg
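
The LAN-versus-WAN mistake described in the post above, as an added example (not part of Virtualmin or of the original post): a guard that a dynamic-DNS update script can run before publishing an address. The function names are hypothetical, and 203.0.113.7 is a documentation-range placeholder standing in for a real WAN address.

```python
import ipaddress

# Ranges that never work as a public DNS answer for a home server.
NON_ROUTABLE = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
    "carrier-grade NAT": ["100.64.0.0/10"],
}

def classify(addr):
    """Return 'public', 'unknown', 'invalid', or the non-routable range name."""
    if addr is None:
        return "unknown"
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "invalid"
    for label, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.IPv4Network(n) for n in nets):
            return label
    return "public"

def plan_update(nic_addr, wan_addr, published):
    """Decide what a dynamic-DNS client should do on this run.

    nic_addr:  address configured on the server's own interface
    wan_addr:  address seen from outside the router, or None if not known
    published: address the hostname resolves to now, or None
    Returns (action, address, reason) with action in update/noop/refuse.
    """
    # Prefer the externally observed address; the NIC address is only
    # usable when the server itself holds a public address.
    for source, addr in (("wan", wan_addr), ("nic", nic_addr)):
        if classify(addr) == "public":
            if addr == published:
                return ("noop", addr, f"{source} address already published")
            return ("update", addr, f"publish {source} address")
    reason = f"nic is {classify(nic_addr)}, wan is {classify(wan_addr)}"
    return ("refuse", None, reason)
```

A WAN-side address that is itself private, as behind a modem/router that has not been bridged, is refused as well.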

Computer-Geek
11-06-2007, 12:30 PM
Once I get a hd and a usb wireless card for my old comp I'm setting it up as a server using this guide :)

SgtM
11-07-2007, 10:31 PM
Once I get a hd and a usb wireless card for my old comp I'm setting it up as a server using this guide :)

Cool. I'm glad you like it. Let me know if you have any questions.

SgtM
11-26-2007, 10:32 AM
What's the next cool thing to add? Content management. I installed Drupal (http://www.drupal.org) this weekend.

**EDIT**
I should add that installation couldn't have been easier. As I'm coming to understand though, it can be a little difficult to get used to. For now, I'll just play around with it for testing purposes. Hell, this whole progress is for testing purposes.. lol. Enjoy kiddos.

SgtM
11-28-2007, 08:35 AM
My thoughts on Drupal. Pain in the ass to learn. I started talking with my bro in law about a site for his new band. I want him to be able to add and edit stuff, and he's a little computer stupid. So, I changed content managers. Goodbye Drupal.. hello Joomla (http://www.joomla.org)!

Crazy Buddhist
11-28-2007, 08:38 AM
I'm not impressed with Drupal. I hear Joomla and Mambo are the ones to run with. Have to let us know yr experiences Rick :)

SgtM
11-28-2007, 09:58 AM
I've never heard of Mambo. I'll have to check that one out. Here's the site I put up in about 20 minutes (http://www.burnt45.com). Joomla is actually VERY easy to work with. It took me that long to put the site up because I had to search for a template I liked, and had to design the header.

+rep CB.

EDIT
Just logged in to the mambo demo. It looks EXACTLY like Joomla.

Crazy Buddhist
11-28-2007, 10:15 AM
Site looks good. Were all the graphics in the template or your own? EDIT: Reread your post and I see the header is yours. Doh!

Templates and how to configure/tweak/mash them seems a common issue/grudge with CMS - it's beyond me right now. I've played with the css on one a bit and that's all.

If you are going to have forums either with mambo or Joomla you can use SMF which is really nice forum software and has stock bridges available for both to share user data with the CMS. It's got lots of add-ons and a big and growing user base.

It's fun building sites :) +Rep back hehe

SgtM
12-01-2007, 10:30 PM
So, I've had a couple days to play around with Joomla a little. I'm having fun playing with all the templates available.

SgtM
12-13-2007, 10:42 PM
Joomla is now the front end of the site. A friend of mine has a video card for me, so the proxy side of the server will be getting tweaked probably after Christmas. After that, it will be mail server time.
http://sgtm.homelinux.com

IndyRacer27
12-14-2007, 03:53 AM
The Goal:

The kids are getting their own computer here at the new house. I only want them to access certain sites, so I need a proxy server.

Solution:
Build a linux box running squid so I can restrict access.

My oldest daughter is almost 5, and I've been thinking of doing this very thing in an attempt to keep her safe when I give her a computer, which will probably be soon considering how often she wants to play on one. At first I won't give her internet access at all, and slowly introduce sites that will be available.

SgtM
12-15-2007, 10:16 PM
Let me know if you want help with it, although this guide is decently detailed, so you should be able to get it figured out.

SgtM
12-30-2007, 07:42 AM
Well, guess what didn't happen.. My friend didn't get a chance to stop by for Christmas, and even if he did, he forgot the vid card back home. I'm just going to see if he can mail it. I'm getting tired of only having 2 computers!

Crazy Buddhist
01-02-2008, 05:13 PM
What card you need? Something simple for a server?

SgtM
01-02-2008, 08:14 PM
Nah, he was bringing a 1900 AGP. Something to replace the 5950 that blew up in my main system.

Server news..
I'm now hosting burnt45.com. It's my brother-in-law's band. Content is lacking big time right now because they haven't given me anything to post yet. Feel free to check it out anyway.

IndyRacer27
01-05-2008, 12:27 AM
I'm getting tired of only having 2 computers!

:D I love it! You know you're addicted when you come up with something like that. I'm currently designing my third computer for the house as well, I already have the hardware, it's just a matter of designing a case I like. It's not even going to be for the girls, this one is just another for me. So then when I build one for my daughters, that will be #4. To top it off, I have plans for more in the near future, just don't tell my wife, she already thinks I'm nuts. :p

Crazy Buddhist
01-05-2008, 08:11 AM
I only have three up and running right now but plans afoot for five more to complete the computerisation of my home.

Some people have told me a HTPC in the bathroom is overkill but I disagree entirely. I can easily spend enough time in the bath to watch TV. It's going to mean having the direction of the bath turned round so I can watch from the bath or sitting on the loo but hey ... in for a penny ....

I live alone in a one bedroom flat by the way.

:)

Rick I have no AGP laying around for you - would your MOBO enjoy a Radeon Sapphire X850 XT PE 256MB (PCI-Express)?

SgtM
01-06-2008, 12:46 AM
No PCIE here. +rep for offering though dude.

chaksq
01-06-2008, 01:27 AM
This guide is great man! I plan on messing around with stuff as soon as I find the time. The site you're doing for that band keeps getting better.

SgtM
01-09-2008, 09:02 AM
So this tut is now on Digg. That's pretty cool. Anyway, I added a real domain to the server now. www.burnt45.com. Working on the mail side next, but it's not critical so I'm going to take my time. So what to do about DNS though? Good question. The answer is http://freedns.afraid.org/. Point your domain to their DNS servers, then use their dynamic update software on your web server. :banana:

I'm sticking with Joomla (http://www.joomla.com) for content management. Mainly because it's so easy to add content, and I don't have to spend hours writing code, but also because I want my users to be able to submit their own content with little to no assistance from me. I assign certain access rights to them, and they can take things from there. Please feel free to let me know if you have questions or comments.