My Linux

7. Set Maximum Download Size To set the maximum size of a file to be downloaded, the parameter reply_body_max_size can be used. The size is calculated in bytes . For example, if the maximum size of download is 50 MB (50*1024*1024 = 52428800), then here's how it is done- root@firefly:~# vim squid.conf #### Declaring the ACL #### acl our_network src 192.168.10.0/24 acl vip src 192.168.10.100 #### Applying the ACL #### #### Again, the sequence is important #### reply_body_max_size 0 allow vip #### the vip has no size restrictions #### reply_body_max_size 52428800 deny our_network #### no one in our LAN can download files larger than the limit #### root@firefly :~# squid -k reconfigure #### this command can be used to tune squid with last configuration without restarting ####   8.Setting Specific Time/Date for Internet Access The following lines have been taken from the ...

In this segment, we would be accomplishing the following: block specific website block multiple website block specific ip block multiple ip block specific mac block multiple mac set maximum  download size set time/date limit for browsing Setting up mandatory authentication before internet access We assume that our network is 192.168.10.0/24. 1. Blocking a Specific Website Although a website can be blocked using different parameters, the best way to block a website using squid is the ' url_regex ' parameter. url_regex checks link inserted in the browser for matching syntax. For example, if we tell squid to block any website that has the word “jumble” in it, then any website, like jumbleA.com, jumbleB.com, jumbleC.com would be blocked. root@firefly:~# vim squid.conf #### Declaring the acl ##### acl our_network src 192.168.10.0/24 acl bad_site url_regex .jumble.com #### for example, anything.jumble.com, anythi...

This section only describes the minimum configuration needed for Transparent Proxy Server. Tweaking and tuning would be discussed in later sections. The Proxy service is a service that manages requests on behalf of another service. For example- if we want to filter and manage web requests (usually tcp port 80), we assign 'another' service to oversee the task. The 'other' service is the Proxy server. One may think, why would I use a proxy when I can control and filter web traffic using Firewall. Well, the answer is Caching: The proxy server caches frequently accessed web elements in the RAM and Hard Drive of the computer. If a requested web element is found in the cache, the element is supplied to the user from the cache. Since the cached element is fetched from the LAN, the time is significantly reduced. This gives us two outputs. Speeds up the Internet browsing experience Saves bandwidth as the same element is not fetched over and over again...

Another thing that I never did before. Suppose, you have a system and there are currently logged in users that you want to terminate. The easiest way to check for logged in users is: [root@busy-bee log]# w  13:06:51 up  1:24,  2 users,  load average: 1.15, 1.10, 1.15 USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT sarmed   pts/0    192.168.1.6      12:36    0.00s  0.06s  0.03s sshd: sarmed mujahid  pts/1    192.168.2.9      11:48    1:17m  1:03m  0.04s sshd: mujahid Now,suppose, I want to terminate the session for user mujahid. This is how it is done- [root@busy-bee log]# pkill -KILL -u mujahid [root@busy-bee log]# w  13:08:47 up  1:26, ...

My workplace LAN has around 500 hosts, and to make it more complicated, the hosts are spread across 6 geographic location. I would still call our network a LAN because the administrative privilege is limited to a few people. Anyway, like any other huge network, the LAN had broadcast problems, usually caused by viruses & Windows net-bios broadcast. The management had used separate IP addressing scheme for different campuses, but what they failed to realize is that, unless a layer-3 device is deployed, the network is one HUGE broadcast domain regardless of the IP addressing scheme. Anyway,  I wanted to deploy Cisco Catalyst switches to implement VLAN to reduce the size of broadcasts. But somehow the management always prefers cheaper solution, right? My case is not much different. As a cheaper alternative, I have recently deployed a Linux host that acts as a Router to divide broadcast domain. Now the technical stuff begins. Let us assume that there are 3 Linux computers. firef...