· web viewclients access internet using proxy only block website facebook.com, youtube.com,...
TRANSCRIPT
Homework Proxy server with IPTABLE
Requirement
Server 2003 (DNS,DHCP,AD,ip 192.168.1.1) Proxy server with iptable linux (2 interface vmnet1
192.168.1.2/24,vmnet2 172.16.1.212/23) Xp client for test(ip range 192.168.1.10=>192.168.1.30/24)
Prepare by CHAN Sarat SNA2012B
Teacher : KIM Bunthoeun
Student : CHAN Sarat
Class : SNA2012B
Task to do1. Clients use services of server 2. Clients access internet using proxy only3. Block website facebook.com, youtube.com, dap-news.com
Proxy Server
Assing ip for proxy server have two interface Assing defautgateway
Prepare by CHAN Sarat SNA2012B
Assign DNS cist.lan
Prepare by CHAN Sarat SNA2012B
Test by ping ip dns cist.lan
Ping defaut gateway cist.lan
Prepare by CHAN Sarat SNA2012B
Server2003 Assign ip and defaut gateway
Forwarder dns
Prepare by CHAN Sarat SNA2012B
Test by ping dns cist.lan
Prepare by CHAN Sarat SNA2012B
Test ping google.com
Prepare by CHAN Sarat SNA2012B
Create rule iptables to allow client access internet throw router-proxy
Test proxy server ping google.com
Prepare by CHAN Sarat SNA2012B
XP client
clients use dns “sarat.com”
Prepare by CHAN Sarat SNA2012B
Proxy Server
Install sqid
File configure squid “vim/etc/squid/squid.conf”
Prepare by CHAN Sarat SNA2012B
Default port squid 3128 and 8080
Cache file
Create acl (acl client src 192.168.1.0/24) Disable some options
Prepare by CHAN Sarat SNA2012B
Disable “icp_access allow localnet”
Prepare by CHAN Sarat SNA2012B
Restart services squid
Create acl for lan client and domain
Create rule for allow (clients range 192.168.1.0/24) and deny (domain like facebook.com,youtue.com,dap-news.com)
Prepare by CHAN Sarat SNA2012B
XP test Access don’t use proxy server
Prepare by CHAN Sarat SNA2012B
Access use proxy server IP interface router connect to server(192.168.1.2) Port use default port proxy server 3128
Result can access internet
Prepare by CHAN Sarat SNA2012B
Test website that we block We access facebook.com
We access dap-news.com
We access youtube.com
Prepare by CHAN Sarat SNA2012B
Authentication with user in ADvim /etc/squid/squid.conf
Prepare by CHAN Sarat SNA2012B
THE END
Prepare by CHAN Sarat SNA2012B