key rack research

DEBIAN LINUX DANSGUARDIAN

Intro

This is intended to be short and efficient.

It is suggested to do this locally, not remotely. However, if you must, please pay close attention so as to not lock yourself out of the box.

Notes for this HowTo Quickie

LAN interface: eth0

WAN interface: eth1

Hardware

Make sure to have two separate Network Interface Cards installed. One will go to the LAN, the other, the WAN, obviously ... we hope.

Install Debian

It has yet to be proven that this is a necessary step.

Setup Interfaces

Here is my /etc/network/interfaces file:


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The LAN network interface
# No gateway line here: 10.0.0.1 is not on the 10.1.2.0/24 network, and the
# default route belongs on the WAN interface only.
auto eth0
iface eth0 inet static
    address 10.1.2.1
    netmask 255.255.255.0

# The WAN network interface
auto eth1
iface eth1 inet static
    address 10.0.0.200
    netmask 255.255.255.0
    gateway 10.0.0.1


Login & Install iptables

# Log in as root.

# Most likely iptables is part of your Debian install, but just in case...
apt-get update
apt-get install iptables

Groundwork

Save the following into a file called:

/etc/network/if-up.d/iptables


#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Always accept SSH traffic
iptables -A INPUT -i eth0 -d 10.1.2.1 -p tcp --dport 22 -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow port 8080 (Dansguardian) to receive connections
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT

# Redirect port 80 to Dansguardian (port 8080)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

# Global REJECTs
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward


Now make the file executable:

chmod +x /etc/network/if-up.d/iptables
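
To confirm that the rules actually loaded match the intent of the script above, the following added example (not part of the original HowTo) audits the text format printed by iptables-save. The interface names and port 8080 come from this page; the function names and the embedded sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an `iptables-save` dump against this HowTo's policy.
# eth0 (LAN), eth1 (WAN) and port 8080 come from the page; the function
# names are hypothetical.

# Constructed sample of the dump expected after the if-up.d script has run.
sample_good() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth1 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Reads a dump on stdin, prints one line per finding and returns the
# number of findings (0 means the policy holds).
audit_ruleset() {
    dump=$(cat)
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    printf '%s\n' "$dump" | grep -Eq -- '^-A PREROUTING -i eth0 .*--dport 80 .*-j REDIRECT --to-ports 8080' \
        || fail "port 80 from the LAN is not redirected to 8080"
    printf '%s\n' "$dump" | grep -q -- '^-A POSTROUTING -o eth1 -j MASQUERADE' \
        || fail "no MASQUERADE on the WAN interface"
    # The last rule of INPUT and FORWARD must be the catch-all REJECT.
    for chain in INPUT FORWARD; do
        printf '%s\n' "$dump" | grep -- "^-A $chain " | tail -n 1 \
            | grep -q -- "^-A $chain -j REJECT" \
            || fail "$chain does not end in a catch-all REJECT"
    done
    # The proxy port may only be accepted on the LAN interface.
    printf '%s\n' "$dump" | grep -- '^-A INPUT .*--dport 8080 .*-j ACCEPT' \
        | grep -vq -- '[^!] -i eth0 ' \
        && fail "port 8080 is accepted on an interface other than eth0"
    return "$findings"
}

sample_good | audit_ruleset && echo "sample ruleset: policy holds"
```

On the gateway itself, feed it the live rules as root with: iptables-save | audit_ruleset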

NEXT

Not sure what goes here ...

Install Squid

apt-get update
apt-get install squid

Edit Squid

vi /etc/squid/squid.conf

Install DansGuardian

apt-get update
apt-get install dansguardian

Tweak DansGuardian

# blah

Debian Linux Resources