i have one static broadband connection which is coming to my Ubuntu server with 2 lan cards, there are 10 more PC's to which i need to provide internet connection through Ubuntu server as well as i have to block social networking websites access during office hours. Now i am getting confuse with the way i should follow
- i should go for sharing internet connection & firewall building or
- should configure DHCP server,router & firewall.
which will be easiest setup and what i should do for that.
coz its first time i will be doing.
It's not ubuntu, but it is debian derived. You might have a look at Untangle. Seems like it's exactly what you want with less complexity than putting in a bunch of command lines and it has a manual. Their official website is here.
You can configure using Squid proxy server and Dansguardian content filtering combination The following is the link and the steps
http://kamleshgosavi.blogspot.in/2011/01/dansguardian-content-filtering-with.html
Dansguardian Content Filtering With Squid Transparent Proxy On Ubuntu Dansguardian Content Filtering With Squid Transparent Proxy On Ubuntu
sudo apt-get install squid3 sudo nano /etc/squid3/squid.conf
(Search for http_port 3128 and add following ) http_port 3128 transparent
(Search for INSERT and add following )
acl localnet src 192.168.2.0/24
http_access allow localnet http_access allow localhost
sudo /etc/init.d/squid3 restart For squid in detail follow the below link dont follow the IPtable part from this link
http://kamleshgosavi.blogspot.com/2011/01/squid3-transparent-proxy-setup.html
Set Up DansGuardian; Internet Content Filter While most "Internet filtering" programs merely ban certain blacklisted URLs, DasGuardian actually looks at the content as well as the blacklist so that you don't have to subscribe to a service to have updated blacklist. What's more, DansGuardian is free! Are you getting exhausted from all the programs you've had to set up? Well this is the meat of the proxy server that we wanted to build. Unless you'd like to have more features than Internet filtering and caching, this is the last page of instructions you have to follow. Let's get started.
apt-get install dansguardian
Now the configuration file is /etc/dansguardian/dansguaridan.conf.
vim /etc/dansguardian/dansguaridan.conf
Find the following 4 entries and set the values to be the same as shown below. Note that the value for filterip is supposed to be blank.
-# Network Settings
-# the IP that DansGuardian listens on. If left blank DansGuardian will
-# listen on all IPs. That would include all NICs, loopback, modem, etc.
-# Normally you would have your firewall protecting this, but if you want
-# you can limit it to only 1 IP. Yes only one.
filterip =
-# the port that DansGuardian listens to.
filterport = 8080
-# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
-# the port DansGuardian connects to proxy on
proxyport = 3128
Finally comment out (put # in front of it) the following line (bolded) and you are all set!
UNCONFIGURED - Please comment this line after configuration
Now we must restart Dansguarian. For unknown reasons to me, I have had troubles (not always) with restarting Dansguardian. However, stopping and starting Dansguardian always worked. Weird, huh? But that's what I'm going to show here.
/etc/init.d/dansguardian stop /etc/init.d/dansguardian start
Test Proxy Open Firefox.
Go to http://tits.com or any other known bad site.
The site should display.
Now in Firefox select:
Edit > Preferences > Advanced > Connection > Settings
Select Manual proxy configuration.
In the HTTP Proxy box type: 127.0.0.1(IP address of proxy) Port: 8080
Place a check in the box labeled Use this proxy server for all protocols. Click OK then Close.
Go to http://google.com and Google should be displayed. Click Refresh and verify it's still working.
Go to http://tits.com or any other known bad site.
The site should show as blocked. You may have to hit refresh for this to work. At this point, the proxy is working.
Now in Firefox select:
Edit > Preferences > Advanced > Connection > Settings Select No proxy.
Click OK then Close.
To exclude the Particular Machine add the IP and restart the service
sudo vi /etc/dansguardian/lists/exceptioniplist
Starting Dansguardian may take a long time (a few minutes), but that is normal in my experience.
The default settings for Dansguardian are fairly strict and there might be legitimate websites that you are blocked from viewing. In that case, you can configure the files within /etc/dansguardian directory. For instance, if you want to explicitly allow a website, you can add the site URL to the file "exceptionsitelist." Also you probably want to comment out most of the MIME file types and file extensions, which have to do with streaming media and downloading respectively. The files for MIME and extensions are "bannedmimetypelist" and "bannedextensionlist." As always, I recommend commenting out entries rather than erasing them.
If you change these configuration files, remember to restart Dansguardian. For Transparent proxy
Edit the /etc/sysctl.conf
Uncomment the line that enable packet forwarding for IPv4 and IPv6
Step 7. Edit rc.local
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE