Dansguardian tinyproxy
fichier /etc/tinyproxy/tinyproxy.conf
# /etc/tinyproxy/tinyproxy.conf
# Upstream HTTP proxy. DansGuardian (see dansguardian.conf on this page)
# forwards the requests it has filtered to this listener.

# --- Identity -----------------------------------------------------------
# tinyproxy runs under the shared "nobody" account.
# NOTE(review): the iptables rules on this page exempt every process owned
# by "nobody" from the redirect to DansGuardian, so anything else running
# under that account also reaches port 80 unfiltered. A dedicated account
# for tinyproxy (used here and in the --uid-owner rule) would narrow that.
User nobody
Group nogroup

# --- Listener -----------------------------------------------------------
# Same port as "proxyport" in dansguardian.conf; bound to loopback only.
Port 3128
Listen 127.0.0.1
# Idle connection timeout, in seconds.
Timeout 600

# --- Pages, log and pid file --------------------------------------------
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy.log"
LogLevel Info
PidFile "/var/run/tinyproxy/tinyproxy.pid"

# --- Process pool -------------------------------------------------------
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
# 0 = children are never recycled after a fixed number of requests.
MaxRequestsPerChild 0

# --- Access control -----------------------------------------------------
# Only loopback clients may use the proxy. Together with "Listen" above
# this keeps tinyproxy from being usable as an open proxy from the network.
Allow 127.0.0.1

ViaProxyName "tinyproxy"

# CONNECT tunnels are limited to these destination ports.
ConnectPort 443
ConnectPort 563
fichier /etc/dansguardian/dansguardian.conf
# /etc/dansguardian/dansguardian.conf
# Content filter. Listens on filterport and hands accepted requests to the
# upstream proxy at proxyip:proxyport (tinyproxy on this page).

# --- Reporting and language ---------------------------------------------
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'french'

# --- Logging ------------------------------------------------------------
loglevel = 2
logexceptionhits = 2
logfileformat = 1

# --- Network ------------------------------------------------------------
# NOTE(review): an empty filterip makes DansGuardian listen on every
# interface; on this page only the INPUT DROP policy of the firewall keeps
# port 8080 unreachable from the network. If only local traffic is
# filtered, binding to 127.0.0.1 removes that dependency - confirm that the
# REDIRECT rule still delivers to loopback on your kernel before changing.
filterip =
filterport = 8080
# Upstream proxy: must match Listen/Port in tinyproxy.conf.
proxyip = 127.0.0.1
proxyport = 3128

# NOTE(review): still the shipped placeholder. It appears to matter only
# for the CGI-based reporting levels, not for reportinglevel = 3 - verify
# before switching reporting level.
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on

# --- Replacement image for blocked pictures -----------------------------
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'

# --- Filter groups and IP lists -----------------------------------------
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'

# --- Phrase filtering and URL cache -------------------------------------
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off

# --- Name lookups -------------------------------------------------------
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on

# --- Size limits --------------------------------------------------------
# -1 leaves uploads (POST bodies) unrestricted.
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000

# --- Temporary files and download managers ------------------------------
# NOTE(review): downloaded content is cached in the world-writable /tmp.
# A private directory owned by the DansGuardian user is the safer choice.
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
# Two download managers are configured on purpose; presumably they are
# tried in the order listed, with default.conf as the fallback - confirm.
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'

# --- Content scanning ---------------------------------------------------
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off

# --- Client address headers ---------------------------------------------
# No X-Forwarded-For header is added, and an incoming one is not trusted.
forwardedfor = off
usexforwardedfor = off

# --- Process handling ---------------------------------------------------
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0

# --- IPC sockets --------------------------------------------------------
# NOTE(review): fixed socket names in the world-writable /tmp can be
# pre-created or tampered with by other local users; a directory writable
# only by the DansGuardian user avoids that.
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'

# --- Daemon behaviour ---------------------------------------------------
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
iptables
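Les deux règles iptables qui vont bien : la première laisse sortir directement le trafic HTTP de l'utilisateur nobody (tinyproxy), la seconde redirige tout autre trafic HTTP sortant vers DansGuardian (port 8080). Seul le port 80 est concerné : le reste du trafic sortant ne passe pas par DansGuardian.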
## The leading "# " on the two command lines is the root shell prompt,
## not a comment marker. Lines starting with "##" are annotations.

## Rule 1: HTTP sent by processes owned by "nobody" (tinyproxy) leaves
## directly, otherwise tinyproxy's own requests would loop back into
## DansGuardian. NOTE(review): this exempts every process running as
## "nobody", not only tinyproxy.
# iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner nobody -j ACCEPT

## Rule 2: all other locally generated HTTP (TCP port 80), except traffic
## to 192.168.1.1, is redirected to DansGuardian on local port 8080.
## NOTE(review): "-d ! 192.168.1.1" is the negation syntax of the iptables
## version shown on this page; newer releases expect "! -d 192.168.1.1".
## The iptables-save dump further down lists this rule without the
## 192.168.1.1 exception, so check which variant is actually loaded.
# iptables -t nat -A OUTPUT -p tcp -d ! 192.168.1.1 --dport 80 -j REDIRECT --to-ports 8080
iptables-save
# Generated by iptables-save v1.4.1.1 on Sun May 3 10:52:02 2009
# mangle table: default policies only, no rules.
*mangle
:PREROUTING ACCEPT [600:67315]
:INPUT ACCEPT [600:67315]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [593:66689]
:POSTROUTING ACCEPT [593:66689]
COMMIT
# Completed on Sun May 3 10:52:02 2009
# Generated by iptables-save v1.4.1.1 on Sun May 3 10:52:02 2009
# nat table: sends locally generated HTTP through DansGuardian (port 8080).
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [15:902]
:OUTPUT ACCEPT [11:662]
# HTTP from processes owned by "nobody" (tinyproxy) is not redirected.
# NOTE(review): any other process running as "nobody" is exempt as well.
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner nobody -j ACCEPT
# Every other outbound connection to TCP port 80 goes to local port 8080.
# NOTE(review): the command shown earlier on the page excludes 192.168.1.1
# from this redirect; this dump does not.
# NOTE(review): only port 80 is covered. HTTPS and HTTP on other ports are
# not redirected, and no ip6tables rules are shown on this page - verify
# how IPv6 traffic is handled.
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Sun May 3 10:52:02 2009
# Generated by iptables-save v1.4.1.1 on Sun May 3 10:52:02 2009
# filter table: default DROP on all three chains.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): accepts any UDP packet from 192.168.1.1 with source port
# 53, whatever the local destination port. Replies to this host's own DNS
# queries should already match the RELATED,ESTABLISHED rule above, so this
# rule looks redundant and wider than needed.
-A INPUT -s 192.168.1.1/32 -i eth0 -p udp -m udp --sport 53 -j ACCEPT
# NOTE(review): the LOG rules carry no rate limit (-m limit), so a flood
# of dropped packets can fill the kernel log.
-A INPUT -j LOG
-A FORWARD -j LOG
-A OUTPUT -o lo -j ACCEPT
# NOTE(review): state NEW is accepted here, so every outbound connection
# is allowed regardless of port. The OUTPUT DROP policy and the two rules
# below are only reached by packets this state match does not cover, and
# traffic on ports other than 80 leaves without passing DansGuardian.
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j LOG
COMMIT
# Completed on Sun May 3 10:52:02 2009