nufw-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nufw-users] nufw and squid

From: maria perez
Subject: [Nufw-users] nufw and squid
Date: Fri, 11 Nov 2005 10:47:11 +0100 

Hello
I am investigating the characteristics of nufw and how works regarding the proxy squid. I write this message to verify I have understood correctly the nufw's documentation and its behaviour. Maybe I seem a bit clumsy but due to my problems to understand english completely and my ignorance in relation to security systems I prefer insure I have understand how I must configure nufw. 

The coniguration we want to establish is:
To use the proxy squid to the web content filter and we need establish transparent authentication for users at the same time the proxy works in transparent manner, all in a single host. 

I am going to install nufw in the system with the options of configure:
--with-system-auth --with-mysql-log --sysconfdir=/etc/nufw --with-debug
The only users i have to check are the system users, in order to achieve this I have to config nuauth to does authentication against PAM, then i think the module for acl must be plaintext.(although i don't understand well what role acls fulfill if my acls are defined in the plugin squidguard)
On the other hand I must config nufw authenticated connections tracking, to it i have to setup the mysql module, create a sql database, a sql account with update and insert privileges on the conntrack_ulog table. Beside to provide authentication to squid with the module squid_nufw_helper I need a sql user with select permissions on the contrack_ulog table and config the module to use the sql table configured. 

Is all correct?

Many thanks for your patience.

Kind regards
  Maria


From: Eric Leblond <address@hidden>
To: maria perez <address@hidden>
CC: address@hidden
Subject: Re: [Nufw-users] nufw and squid
Date: Wed, 02 Nov 2005 11:54:53 +0100

Le mercredi 02 novembre 2005 à 10:46 +0100, maria perez a écrit :
> Hi,
> I am new in this list.
> I have discovered nufw searching solutions to my problem. I have working in > a tool for paternal control of the web use. We are using the proxy squid to 
> the content filter and we need establish transparent authentication for
> users  at the same time the proxy works in transparent manner.
> I have read nufw offer these capacitys with the module squid-nufw-helper. If 
> i am not in a mistake about with nufw is possible squid works like
> transparent proxy and offer transparent authenticacion to the system users. > The idea is squid run in the same host, (like local proxy), with squidguard 
> to filter the web traffic.
> Have you any notice about similar attempt?

Yes, it is a setup that we already thought of and I think some people
have work to achieve this.

> How does it work nufw with squid?

You need to use the SQL database event storage and set up
squid-nufw-helper.

> Could you to guide me in this direction?

The main idea is that you have to put filtering rules in PREROUTING|
mangle as the filtering needs to occur before the NAT is done.
If you do filtering in FORWARD the destination of the packet will be
changed and the nufw client will send erroneous packet.
> Thank you in advance for your attention, and excuse me my irregular english. 

No problem, I'm not a native speaker too ;-)

Don't hesitate to mail back if you need more details.

BR,
--
Eric Leblond <address@hidden>



_________________________________________________________________
Descubre la descarga digital con MSN Music. Más de medio millón de canciones. http://music.msn.es/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]