This is a guide document although very detailed in some sections. It assumes you have a have an idea about installing RH and working with Linux. Some will find it very tedious others will be grateful.
Decide if you are going to do basic proxy behind the firewall (one nic needed)
Proxy as firewall or transparent proxy (two nics needed)
Swap area set this equal or greater to the size of the ram. Minimum 128 Meg.
Create a /boot partition of 30 meg
/ (Root) to fill the rest of the drive (or minimum 4 gig) or partition for /home and /var.
Choose the Compaq 171FS - works for most monitor types.
Be VERY SURE to create a boot disk just in case something goes wrong. I recommend installing EVERYTHING. It never fails you always need the one thing you forgot to put on.
(for internal interface)
Set hostname proxy.domain.org
IP address - (192.168.0.1)
Subnet - 255.255.255.0
Device name - eth0
Kernel module - 3c509 (or whatever has been detected)
Second NIC (if transparent )
Ask you ISP or use DHCP
IP address (220.127.116.11)
Device name - eth1
Kernel Module 3c509 (or whatever has been detected)
Dns 18.104.22.168, 22.214.171.124 supplied by ISP or DHCP
If DHCP just enable forwarding.
Gateway 192.168.0.254 if internal or supplied by ISP
Enable routing (forwarding)
Add this line 192.168.0.1 proxy.domain.org proxy
It is very wise to download all the patches for 6.2 from a web site and burn them to a CD.
There are allot of patches almost 300 megabytes worth. Some of these patches are required before you can install DG so you better get them
Also get the latest Dansguardian, blacklists and your favorite bannedphrase list. I highly recommend Webmin as well as you will be providing a restart button
Through the webmin interface a little later. Also this install guide is based on Webmin on RH 6.2
Adding patches (insert the patches CD Rom)
Using rpm -U a*.rpm install the following groups of packages in the order listed.
example. Rpm -U d*.rpm
d, Rp, a, b, y, x, w, v, t, o, e, f, p, l, m, n, k, g, j, s, uc, um, us, rh, rm, imap-2000-,imap-devel- 2000, imap-2000c, imap-devel-2000c, in, ip, ir, ipspell-3.1, up
Rpm -U DansGua*.rpm
Rpm -U SysVinit*
Rpm -U X*.rpm
Cp blacklists*.gz /etc/dansguardian
Cp ban*.zip /etc/dansguardian
Tar -zxpf blacklist*.gz
Mv bannedphraselist bannedphraselist.old
Change the line with vmlinuz...... to be just vmlinuz
Type Lilo <enter>
Restart the system with shutdown -r now
Startx if it runs O.K. at a good resolution the move on else exit and run Xconfigurator
If gnome crashes then use ps -ax to find the pid (number) for gnome session and kill it.
Set the following applications to boot on startup
Default routers 192.168.0.254
Dns servers 192.168.0.1, 126.96.36.199
Find the line with domain name servers set to 192.168.0.1,188.8.131.52
Http accel host "virtual" (make sure to DESELECT default)
http accel port 80
http accel with proxy on
http accel user header yes
Select <client address> and click <Create New ACL>
Acl name localnetwork
192.168.0.1 192.168.0.254 255.255.255.0
Add proxy restriction
And select the name localnetwork and save
Move the restriction to the top of the list
Return to squid menu
Initialize the cache as squid (if this has not been done)
Start squid or apply changes
Startx if not already started
Use system -> control panel
Make sure that DG starts at number 99 and squid at 87 on runlevels 3 and 5
Squid must load first
Control alt F3 and login if not already done
Change YOUR-SERVER to 192.168.0.1:81
Change reporting level and log level to taste. (log level is best it is only records violations.
Prefered log settings, only log violations, and reporting only level 1.
cp dansguardian.conf dansguardian.good
(this is upgrade protection. Upgrades WILL erase this file)
Remove leading # (comment) characters from entries except the line containing proxy (it may not be in your blacklist and Dg will fail to start)
Notes: These setups are made to allow teachers to log in and restart the internet if it should shutdown for some reason.
http://192.168.0.1:10000 if not already done.
Log in with root xxxxxx
Goto webmin -> webmin configuration
Goto webmin modules
Set module to clone to custom commands
Set the name to Dansguardian restart
Clone the module
Webmin index -> Others -> Dansguardian Restart
Create a new custom command
Description -> Internet Restart
Command -> /etc/rc.d/init.d/dansguardian restart
Run as user -> root
Webmin index -> Webmin -> Webmin Users
Create a new webmin user
Username -> user
Password -> password
Modules -> select dansguardian restart
Set your client for both ports 8080 and 3128
8080 should be filtered and 3128 unfiltered.
Many thanks to firstname.lastname@example.org whoever you may be ;-) for this fine info.
if using ipchains add...
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8080
/sbin/ipchains -A input
if using ipfwadm add...
/sbin/ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 8080
For Masquerading Add
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ