Showing posts from November, 2011

Common Squid Requirements - Part 2

7. Set Maximum Download Size

To set the maximum size of a file that can be downloaded, the parameter reply_body_max_size can be used. The size is given in bytes. For example, if the maximum download size is 50 MB (50*1024*1024 = 52428800 bytes), here is how it is done:


root@firefly:~# vim squid.conf

#### Declaring the ACL ####
acl our_network src 192.168.10.0/24
acl vip src 192.168.10.100

#### Applying the ACL ####
#### Again, the sequence is important ####

reply_body_max_size 0 allow vip
#### the vip has no size restrictions ####

reply_body_max_size 52428800 deny our_network
#### no one in our LAN can download files larger than the limit ####

root@firefly:~# squid -k reconfigure
#### this command reloads the latest configuration without restarting squid ####
8. Setting Specific Time/Date for Internet Access

The following lines have been taken from the file squid.conf. Each day can be represented by a letter. Moreover, browsing time can be limited using the h1:m1-h2:m2 parameter…

Common squid requirements - Part 1

In this segment, we will accomplish the following:

- block a specific website
- block multiple websites
- block a specific IP
- block multiple IPs
- block a specific MAC
- block multiple MACs
- set a maximum download size
- set time/date limits for browsing
- set up mandatory authentication before Internet access

We assume that our network is 192.168.10.0/24.

1. Blocking a Specific Website

Although a website can be blocked using different ACL types, the best way to block a website with squid is the url_regex ACL. url_regex matches the URL entered in the browser against a regular expression. For example, if we tell squid to block any website that has the word “jumble” in it, then any website such as jumbleA.com, jumbleB.com or jumbleC.com would be blocked.

root@firefly:~# vim squid.conf

#### Declaring the acl ####
acl our_network src 192.168.10.0/24
acl bad_site url_regex .jumble.com
#### for example, anything.jumble.com, anything2.jumble.com, anything3.jumble.com ####

#### Applying the acl ####
#### the sequ…

Deploying Transparent Proxy Server using SQUID (Minimum Configuration)

This section only describes the minimum configuration needed for a transparent proxy server. Tweaking and tuning will be discussed in later sections.

A proxy is a service that handles requests on behalf of another party. For example, if we want to filter and manage web requests (usually TCP port 80), we assign 'another' service to oversee the task. That 'other' service is the proxy server.

One may ask: why use a proxy when web traffic can already be controlled and filtered with a firewall? The answer is:

Caching: The proxy server caches frequently accessed web elements in the RAM and hard drive of the proxy host. If a requested web element is found in the cache, it is served to the user from the cache. Since the cached element is fetched over the LAN, the time needed is significantly reduced. This gives us two benefits:
- Speeds up the Internet browsing experience
- Saves bandwidth, as the same element is not fetched over and over again from the Int…

Kicking out a logged in user in Linux

Another thing that I never did before. Suppose you have a system with currently logged-in users whose sessions you want to terminate. The easiest way to check for logged-in users is:

[root@busy-bee log]# w
 13:06:51 up  1:24,  2 users,  load average: 1.15, 1.10, 1.15
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
sarmed   pts/0    192.168.1.6      12:36    0.00s  0.06s  0.03s sshd: sarmed
mujahid  pts/1    192.168.2.9      11:48    1:17m  1:03m  0.04s sshd: mujahid

Now, suppose I want to terminate the session for user mujahid. Note that pkill -u matches every process owned by that user, so this kills all of mujahid's processes, not just the SSH session. This is how it is done:

[root@busy-bee log]# pkill -KILL -u mujahid
[root@busy-bee log]# w
 13:08:47 up  1:26,  1 user,  load average: 1.09, 1.10, 1.14
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
sarmed   pts/0    192.168.1.6      12:36    0.00s  0.08s  0.03s sshd: sarmed
Piece of cake.

Additional options:
To 'pause' a user:
[root@busy-bee log]# pkill -STOP -u mujahid
To 'resume' a user:
[root@busy-…

Static Routes Using Linux

My workplace LAN has around 500 hosts, and to make it more complicated, the hosts are spread across 6 geographic locations. I would still call our network a LAN because administrative privilege is limited to a few people. Anyway, like any other huge network, the LAN had broadcast problems, usually caused by viruses and Windows NetBIOS broadcasts. The management had used separate IP addressing schemes for the different campuses, but what they failed to realize is that, unless a layer-3 device is deployed, the network is one HUGE broadcast domain regardless of the IP addressing scheme.

Anyway, I wanted to deploy Cisco Catalyst switches to implement VLANs and reduce the size of the broadcast domains. But somehow management always prefers the cheaper solution, right? My case is not much different. As a cheaper alternative, I have recently deployed a Linux host that acts as a router to divide the broadcast domain. Now the technical stuff begins.

Let us assume that there are 3 Linux computers. firefly and …