Traffic Shapping Tutorial - HowtoForge - Linux Howtos and Tutorials

Opti ons For Thi s
Howto
Free Support
Paid Support
Navi gati on
[+] Expand [-] Collapse
Howtos
Linux
Android
CentOS
Debian
Fedora
Kernel
Mandriva
PCLinuxOS
SuSE
Ubuntu
Web Server
Apache
Cherokee
Lighttpd
nginx
Backup
Control Panels
ISPConfig
DNS
BIND
MyDNS
PowerDNS
djbdns
Desktop
Email
Anti-Spam/Virus
Postfix
FTP
High-Availability
Monitoring
MySQL
Programming
C/C++
PHP
Samba
Security
Anti-Spam/Virus
Storage
Virtualization
KVM
OpenVZ
VMware
VirtualBox
Xen
Other
FreeBSD
Commercial
Mini-Howtos
Forums
Contribute
Subscription
Login
Register Login Contribute Subscribe RSS
News FAQForge ISPConfig Subscribe Contribute Forums Howtos

Squid Proxy Sites P
pfSense - Squid +Squidguard / Traffic Shapping Tutorial | HowtoForge ... http://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-t...
1 sur 12 23/12/2013 14:48
Site Map/RSS Feeds
User l ogi n
Username:
Password:
Remember Me?
Create a new account
Request new password
Facebook
HowtoForg
6 J aime J aime
Who's onl i ne
There are currently 9 users
and 3424 guests online.
HowtoForge
Forums
Mail server
problem
Nginx - Cannot add
new websites using
IP ...
contents directory
Upgrading
roundcube to 0.9.5
how-to
Iptable error
"Use the
CT iptables target
...
Blank main page
postfix problem
Unable to connect
my ip with 8080
port
different sites
get mixed up - due
to local ...
postfix setup!
News
Valve Releases New
SteamOS Beta With
Updated Drivers
Firefox Developers
Continue Tuning ASM.js
Performance
Eye of GNOME 3.11.3
Allows for Transparent
2 sur 12 23/12/2013 14:48
Backgrounds
NVIDIA Optimus Linux
Power Battery Tests
A collection of 12 Tweaks
for Ubuntu and related OS
Linux Mint 16 Petra KDE
released!
oVirt 3.3.2 hackery on
Fedora 19
Linux Mint 16 Petra Xfce
released!
Secrets Of Rtikon
Open-World 2D Exploration
Game Releases Alpha 9
With Linux Support
Gummiboot UEFI Boot
Manager Update Pushes
New Features
more
Recent comments
mail server problem
1 hour 59 min ago
Error - Monit page
doesn't show after
install
14 hours 27 min ago
if,after install ispconfig, mail
don't work
1 day 17 hours ago
Re: Re: Re: Could not
connect to host
1 day 18 hours ago
thanks, this helped
2 days 1 hour ago
Re: phpmyadmin is not
working
2 days 18 hours ago
Hi ! and thanks for that
3 days 16 min ago
Thank you so much
3 days 11 hours ago
none
4 days 11 hours ago
Re: Problme
4 days 11 hours ago
Newsl etter
Subscribe to
HowtoForge
Newsletter
and stay informed about
our latest HOWTOs and
projects.
enteremailaddress
(To unsubscribe from
our newsletter, visit this
link.)
English | Deutsch | Site Map/RSS Feeds | Advertise
3 sur 12 23/12/2013 14:48

10 Tweet 57
You are here: Home Howtos Other PfSense - Squid + Squidguard / Traffic Shapping Tutorial
pfSense - Squid + Squidguard / Traffic Shapping Tutorial
Want to support HowtoForge? Become a subscriber!
Submitted by neofire (Contact Author) (Forums) on Wed, 2012-09-26 14:43. :: Other |
FreeBSD
pfSense - Squid + Squidguard / Traffic Shapping
Tutorial

In this tutorial I will show you how to set up pfSense 2.0.1 up as an Internet
Gateway with Squid Proxy / Squidguard Filtering. I will also show that you
have to configure some extra features of pfSense like traffic shapping with
squid. This type of configuration would be useful for people who want to set up
wireless hot spots or Internet cafe's etc.

Requirements
This tutorial assumes that you already have a pfsense (version 2.0.1 Minimum) installation running with your network interfaces
configured and basic firewall rules configured.

Installing Packages to pfsense
First of all lets start by installing the extra packages that we are going to requires
Login to your pfsense's Web Administrator, and click on "Server -> Packages", scroll down the list and find squid and click on "+"
button to install, wait for the process to finish then return to the packages section and look for squidguard and install that
package as well.
91 Like Like Share Share
4 sur 12 23/12/2013 14:48
To confirm that the packages have been installed, refresh the web interface and goto "Services" menu and look for Proxy Server
& Proxy Filter, if they both appear in the menu they have been installed correctly, reboot the pfSense Box.
NOTE: There have been a couple of instances where I have had to reinstall the squid package right after I have installed the
squidguard package, the reason behind this is after I install the squidguard package I am unable to access the Proxy Server
Configuration, if this happens go back to the packages menu, click on installed packages tab, then select reinstall on the squid
server entry (this has only happened in versions prior to 2.0.1).

Configuring Proxy Server Package
Once pfsense has been rebooted we want to configure the proxy server settings, (now in this tutorial I am setting up the proxy
server as a transparent proxy, if you want to set this part up differently please do you research into squid configuration, the
pfsense web site has configuration guides for squid aswell), click on Services -> Proxy Server.
On the General Tab, you want to set the following settings, the Proxy Interface Option should be set to "LAN", and because I am
setting this up as a transparent proxy server, tick the "Transparent Proxy" check box.
I would strongly recommend logging to be enabled on your proxy server, as it will come in handy should you need to trouble
shoot a issue or just see what people are doing on the Internet etc. Tick the "Enabled Logging" Checkbox, set the log store to the
default location " /var/squid/logs " rotate your logs every 7 days, set your proxy port to port number 3128 ( remember this port
number as we will need it when we set the firewall rules up), add a visible hostname and an administrator e-mail address, and
set your required language, then click on the Save button.
5 sur 12 23/12/2013 14:48
Next click on the "Cache Mgmt" tab, by default the Hard Disk Cache Size is set to 100mb, I would strongly recommend that you
increase this, now it will depend on how big your HDD is that will determine how big you make it, but also keep in mind the
more people using this proxy the more space you need to allocate, after that is set leave the rest of the page at default settings
and click on Save.
Click on the Access Control Tab next, in the allowed subnets field type in your required subnets, (eg: 192.168.255.0/24); keep in
mind that if you have more then one subnet accessing this proxy you need to specify each subnet on its own line.
Scroll down until you see "ACL Safeports and ACL SSLPorts" in these fields you will have to type in what ports you want open
threw your proxy server, you will need to do some research on this, find out what applications are being used on this network,
6 sur 12 23/12/2013 14:48
and specifiy your required porst effectlive. For this howto I am just going to use port 80 and 443 as these are the only too ports
that I need to see if you have web pages and for some basic Internet applications to work, if you want other applications to have
access to the Internet, do some reading on what ports are required and then update the pfsense box, once set click on Save.
Now for the people who wish to throttle the speed of which users get access to the Internet, click on the Trafic Mgmt tab, and set
(in kilobytes) what speed you want to restrict users too, click on Save once done.

Configuring SquidGuard Filtering
Now thats is the proxy server configured, next we are going to configure SquidGuard, click on the Services menu and select the
Proxy Filter button, tick the following 3 check boxes "Enable", "Enable GUI Log" and "Enable Log" then click the Save button,
once the page has reloaded click on apply and then confirm that the Squidguard service is running by making sure the
Squidguard status is set to STARTED.
7 sur 12 23/12/2013 14:48
Stay on the General Settings Tab and scroll down to the blacklist area and tick the box that says Enable Blacklist, and in the
blacklist URL type the following http://www.shallalist.de/Downloads/shallalist.tar.gz, and click Save; this is so we can
download the blacklist data. Click on the Black list tab and add the save the same URL as before to the Update Address and click
on Download. Wait for the process to complete.
8 sur 12 23/12/2013 14:48
Next click on the common ACL tab, and the click on Target Rules List, and select every rule that you want block or allow, then
add a message to the Proxy Denied Error Field, I am currently just using the default one they suggest (look at sceenshot for
example), leave redirect mode at Int Error page so it will use the message you type in, tick the Log Check box then click on
Save.
9 sur 12 23/12/2013 14:48
10 Tweet 57
Once that is set up test your proxy and make sure everything is working. I hope this has been a help to you, and keep an eye
out for the next tutorial which will be implenting Captive Portal to this setup.
Copyright 2012 Kyle Hartigan
All Rights Reserved.
add comment | view as pdf | print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
transperant proxy
Submitted by poojarakesh (registered user) on Wed, 2013-09-25 06:47.
you need to mention the transperant proxy option
reply | view as pdf
Browsing Issue
Submitted by azeemmasghar786 (registered user) on Thu, 2013-02-28 12:42.
Hi guys,
I am using pfsense on my network and working good but have one problem that sometime pfsense not open sites on one click when we hit
3,4 or 5 times then open.
Any one know what reason and solution plz share with me. Ntop,Squid and squid guard also installed in pfsense.
thanks
reply | view as pdf
What is PFSense, PFSense Feature, PFSense Installation step
Submitted by azeemmasghar786 (not registered) on Mon, 2012-12-24 21:14.
I see this post again because for the first when see then setting required to me.I have a knowledge about PFSense that given below and
below link.
Pfsense is a FreeBSD based Open source Firewall Router. Pfsense is basically using as a gateway device (firewall and router). But it can be
expandable as many Server services like DNS, DHCP, and Proxy Servers. Here I submit step by step procedure to install a Pfsense based
Proxy server.
Proxy Servers
reply | view as pdf
91 Like Like Share Share
10 sur 12 23/12/2013 14:48
What is the best way to redirect one URL to another? Rewrite?
Submitted by Anonymous (not registered) on Wed, 2012-12-19 02:36.
Pfsense 2.0.1 latest build. Everything working great with Squid, squidguard,and Muli-wan.
Trying to rewrite youtbe.com -> http://youtube.com/?edufilter=zyshXjlHxWvXP-I9x3Wqjg
Should be easy? Not sure I understand rewrite vs. redirect as the best solution.
Added target category youtube
block youtube in ACL
Have rewrite defined
click on apply and also restarted squid and squidguard services
I will keep trying
At one point using redirect only was getting it to redirect but getting a redirect loop in the client browser.
Have not found any step by step how to do a simple redirect.
Any advice is appreciated.
International school in Chiang Mai Thailand
reply | view as pdf
Thank you for your nice
Submitted by Anonymous (not registered) on Sun, 2012-11-25 21:31.
Thank you for your nice tutorial. Do you also know how to configure squid as https proxy in non transparent mode?
reply | view as pdf
Thank you for this!
Submitted by JKeller1068 (registered user) on Thu, 2012-10-11 21:59.
Thank you for this!
reply | view as pdf
When you mentioned "set your
Submitted by Ricky Kua (not registered) on Thu, 2012-09-27 02:37.
When you mentioned "set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules
up)", there are no screenshots added as to what rules should you set in the firewall.
As for "ACL Safeports and ACL SSLPorts", do we need to add in port 53 for resolving of URL?
reply | view as pdf
Squid and Squid Guard
Submitted by Anonymous (not registered) on Mon, 2013-09-02 18:28.
Sorry to say this. why don't you start from the beginning how to configure. Include on your tutorials simple Network diagrams + the
following list of configurations. Otherwise it is a waste of time reading your tutorials. 1. NIC configuration 2.Pfsense WAN and LAN
Config 3. The Firewall Rules 4. Proxy server config. 5. SquidGuard Config. You have said in the beginning " When you mentioned "set
your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up)", there are no
screenshots added as to what rules should you set in the firewall." . It seams you don't know the firewall part configurations. Because
screen shots are easy to put one your tutorials. It is a matter of copy and paste. I am Sory for my words. I am really looking to solve
this problem. But never came with a simple, step by step configuration to configure 1. Pfsense to work just for internet access without
proxy and filtering. a. adding a firewall. 2. Pfsense and Proxy only. 3. Add on the above filtering capability (SquidGuard). 4. Testing your
configurations. 5. Reporting using Light Squid. I believe the above steps are a fully functional firewall applications only if they are
properly configured and tested.
reply | view as pdf
11 sur 12 23/12/2013 14:48
Howtos | Mini-Howtos | Forums | News | Search | Contribute | Subscription
Site Map/RSS Feeds | Advertise | Contact | Disclaimer | Imprint
Copyright 2013 HowtoForge - Linux Howtos and Tutorials
All Rights Reserved.
12 sur 12 23/12/2013 14:48

Traffic Shapping Tutorial - HowtoForge - Linux Howtos and Tutorials

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Traffic Shapping Tutorial - HowtoForge - Linux Howtos and Tutorials

Hochgeladen von

Copyright:

Verfügbare Formate

Opti ons For Thi s

Das könnte Ihnen auch gefallen