Sunday, 20 February 2011

Configure Squid with Dansguardian

1. Configure squid Server
2. Configure DansGuardian
3. Configure Iptables
4. Configure Proxy server as a router.

The purpose of this proxy server is to share the internet connection and improve web browsing performance, with DansGuardian configured for content and site blocking.

A. Allow all internal users access with restricted web sites and content.
B. Allow a limited set of users to access all sites.
C. Publish a local server as a web server on different ports.
D. All users can send and receive mail from Outlook, but they can't access restricted sites.
E. Allow VNC, SQL Server and Remote Desktop Connection access from the internet to the external network.
F. Allow access to the company's website for all users.


External LAN Card- eth0 (
Internal LAN Card- eth1(

1. Configure and install Squid Server-:

# yum install squid*

cp /etc/squid/squid.conf /etc/squid/squid.conf.bkp

vim /etc/squid/squid.conf

visible_hostname
http_port 3128

# Restrict Web access by IP address

# IP list of users allowed to access all sites
acl special_client src "/etc/squid/special_client_ip_txt"
# allowed network
acl our_networks src
# list of blocked site names
acl bed url_regex "/etc/squid/squid_block_acl"
# allow blocked sites for the special client list
http_access allow bed special_client
# deny blocked sites for the rest of the network (limited access)
http_access deny bed our_networks
# allow all other access from the network
http_access allow our_networks

vim /etc/squid/special_client_ip_txt
vim /etc/squid/squid_block_acl

service squid start
# service squid stop
# service squid restart
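
How Squid evaluates the three http_access lines above, as an added Python model that is not part of the original post: ACL names on one line are ANDed, the first matching line decides, and when no line matches Squid applies the opposite of the last line. The client addresses, the /24 network and the block patterns are constructed sample values.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not taken from the post).
SPECIAL_CLIENTS = {ipaddress.ip_address("192.168.1.10")}  # special_client file
OUR_NETWORKS = ipaddress.ip_network("192.168.1.0/24")     # our_networks
BLOCK_PATTERNS = [re.compile(p) for p in (r"badsite\.example", r"games")]  # bed

ACLS = {
    "special_client": lambda ip, url: ip in SPECIAL_CLIENTS,
    "our_networks": lambda ip, url: ip in OUR_NETWORKS,
    "bed": lambda ip, url: any(p.search(url) for p in BLOCK_PATTERNS),
}

# The three http_access lines from the post, in the post's order.
POST_RULES = [
    ("allow", ["bed", "special_client"]),
    ("deny", ["bed", "our_networks"]),
    ("allow", ["our_networks"]),
]


def http_access(rules, client_ip, url):
    """Return 'allow' or 'deny' the way Squid walks http_access lines."""
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # ACL names on one line are ANDed; the first matching line wins.
        if all(ACLS[n](ip, url) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


def misordered(rules):
    """Same rules with the broad 'allow our_networks' moved to the top."""
    return [rules[-1]] + rules[:-1]


if __name__ == "__main__":
    blocked = "http://badsite.example/index.html"
    for ip in ("192.168.1.10", "192.168.1.50", "10.9.9.9"):
        print(ip, http_access(POST_RULES, ip, blocked),
              http_access(POST_RULES, ip, "http://intranet.example/"))
    print("misordered:", http_access(misordered(POST_RULES), "192.168.1.50", blocked))
```

With the broad allow line moved first, an ordinary client reaches the blocked URL, which is why the deny line has to stay above `http_access allow our_networks`.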

Install and configure DansGuardian-:
# yum install dans*

cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.bkp

vim /etc/dansguardian/dansguardian.conf

filterip =
filterport = 8080
proxyip =
proxyport = 3128

vim /etc/dansguardian/lists/bannedsitelist # list of blocked sites
vim /etc/dansguardian/lists/bannedregexpurllist

# Hard core phrases (for content blocking)


vim /etc/dansguardian/lists/exceptionsitelist
# The following sites will not be filtered by DansGuardian; they are allowed for all users.


# List of IPs allowed to access all filtered sites.

Configure Iptables-:
# masquerade traffic from the local LAN (eth1) as it leaves through the external interface (eth0)
# redirect all port 80 requests from eth1 (local LAN) to 8080
# publish the local website
# allow ports 80 and 8080
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3128 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -p tcp -d --dport 8090 -j DNAT --to-destination
$ iptables -I INPUT -s -p tcp --dport 80 -j ACCEPT
$ iptables -I INPUT -s -p tcp --dport 8080 -j ACCEPT

Client Site-

Lan setting-


  1. What is the version of the Linux kernel or release?

    It must be mentioned that this configuration worked on which setup and how many LAN cards, complete details yaar, or email address?

  2. Which Linux version?

    And which kernel was it tested upon?