Anjuna Beach in Goa

8-km west of Mapusa, Anjuna is one of the most popular beach in Goa. The sea is calm so you can enjoy swimming or enjoy the allure of sunset from any of the beach resorts’ balcony.
Enjoy the funky music and loud beach parties that are a fixture of Anjuna. For the gourmets Anjuna offers the best of western seafood. You can choose from amongst any of the beachfront or village hotels.
All of them are equally simple and serve equally delighting food and chilled beer.



The place has life and enthusiasm written in its air. The all night long beach parties, the Christmas to New Year frenzy or the swanky full moon parties, Anjuna is always up for it. On a day trip to Anjuna you can savor the best delights at the famous flea market or the shopping hangout off the beach or else you can enjoy the easy strolls on a moonlit night on the cool silvery sands.

Other categories

Cisco Jokes Photos Tutorials Voip Goa

Setting Up Squid As A Transparent Proxy
I configured the Squid as a transparent proxy at one of our clients place.Transparent proxy means you do not have to do the changes in the browsers only after keeping the gateway as Squid server for the machines will suffice.

i) System: Pentium Dual Core with 765 MB RAM
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)

Eth0 connected to internet and eth1 connected to local lan i.e. system act as router.

I searched on the google and go this wonderful document on setting up Squid as a transparent proxy.
http://www.cyberciti.biz/tips/linux-set ... howto.html

Here I am pasting the contents from the same URL
---------------------------------------------------------------------------------------------

Server Configuration

* Step #1 : Squid configuration so that it will act as a transparent proxy
* Step #2 : Iptables configuration
o a) Configure system as router
o b) Forward all http requests to 3128 (DNAT)
* Step #3: Run scripts and start squid service

First, Squid server installed (use up2date squid) and configured by adding following directives to file:
# vi /etc/squid/squid.conf

Modify or add following squid directives:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan



Where,

* httpd_accel_host virtual: Squid as an httpd accelerator
* httpd_accel_port 80: 80 is port you want to act as a proxy
* httpd_accel_with_proxy on: Squid act as both a local httpd accelerator and as a proxy.
* httpd_accel_uses_host_header on: Header is turned on which is the hostname from the URL.
* acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid
* http_access allow localhost: Squid access to LAN and localhost ACL only
* http_access allow lan: -- same as above --

Here is the complete listing of squid.conf for your reference (grep will remove all comments and sed will remove all empty lines, thanks to David Klein for quick hint ):
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

OR, try out sed (thanks to kotnik for small sed trick)
# cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'

Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
Iptables configuration

Next, I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128 :
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128





Here is complete shell script. Script first configure Linux system as router and forwards all http request to port 3128 (Download the fw.proxy shell script):
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Save shell script. Execute script so that system will act as a router and forward the ports:
# chmod +x /etc/fw.proxy
# /etc/fw.proxy
# service iptables save
# chkconfig iptables on




Start or Restart the squid:
# /etc/init.d/squid restart
# chkconfig squid on

Desktop / Client computer configuration

Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to setup up individual browsers to work with proxies.



Other categories

Cisco Jokes Photos Tutorials Voip Goa

Untangle - An Opensource Gatway AV with Web Filtering

Untangle available from http://untangle.com is avaailable as an opensource software to use as Gateway Antivirus, Firewall with follwing features
-Web Filter
-Spam Blocker
-Spyware Blocker
-Protocol Control
-Ad Blocker
-Virus Blocker
-Firewall
-Open VPN


It can
Protect your Network
Untangle protects you from malicious incoming Internet threats such as viruses, spyware, hackers, identity thieves and more.

Monitor Apps & Network
Monitor online behavior at the user, client and incident level. You can see what web sites are being visited, by whom, on what system.

Control your Network
Restrict access to inappropriate sites, manage when certain sites can be accessed, and control undesireable Internet activity, like web shopping during work hours.

It has paid up version also which the user can download for extra capabilities
It includes
-eSoft Web Filter
-WAN Balancer
-Remote Access Portal
-Kasperesky Virus Blocker
-WAN Failover
-Policy Manager
-Commtouch Spam Booster

and also includes live support



You can load the Untangle through Vmware, as a standalone OS or as a windows application on a windows based PC

In the Vmware and standalone version can act in transparent mode and if you would like to test it features then you can
install it as an application on any windows PC in your network with 2GB RAM and Dual Core CPU without changing your network.
It can still act as a gwateway to all the machines using proxy arp feature.



Other categories

Cisco Jokes Photos Tutorials Voip Goa