Configuration Of Microsoft Isa Server 2004 And Linux Squid Server
(Dr. Hedaya Alasooly)
Overview:

In this report, I will talk about basic ISA Server and Squid server configurations. A lot of technical people switch between ISA Server and Squid server, so I decided to write this report as a reference when configuring ISA and Squid. There are a lot of issues that are not covered; you can go to the manuals of ISA Server and Squid for their detailed configuration.

The report is composed of two parts:
1. Microsoft ISA Server 2004 Configuration
2. Linux Squid Server Configuration

Note that I could not make a simulation because of the lack of resources, as testing a firewall configuration requires many computers, one of which should have many network cards. Also, the ISA server is not used in the computer center now.

My conclusion is that the ISA server can be implemented as a firewall and proxy with a wide range of topologies, application filters and intrusion detection. Also, the ISA server supports many server publishing scenarios. But implementing the ISA server needs a proper topology and configuration of the server, and the firewall clients should be members of the ISA server domain. Squid server can be implemented as a proxy server to access http, ftp, gopher and wais sites, although it can block some types of traffic according to the given restriction rules.

Shown below is an extracted part of my book.

2. Linux Squid Configuration:

2.1. Setting up the Cache:

Go to Webmin at http://127.0.0.1:10000, then Servers, then Squid Proxy Server. Accept the defaults that the cache is in /var/spool/squid and the user is squid, then initialize the cache:

#squid -f /etc/squid/squid.conf -z

From the Webmin Squid server module you can change the caching and proxy options as you wish. I prefer that you increase the size of the cache to 1GB.

2.2. Ports and networking:

By default, Squid listens for proxy requests on TCP port 3128 on all of your system's IP addresses. Because this is not the usual port on which proxies are run (8000 and 8080 seem to be the most common), you may want to change it. If your system has more than one network interface, you might also want to edit the listening address so that only clients on your internal network can connect. To specify the ports that Squid uses, go to Ports and Networking and set the proxy ports: in the first empty field in the Port column, enter a port number like 8000 or 8080. In the Hostname/IP address column, either select All to accept connections on any of your system's interfaces, or select the second option to enter an IP address in the adjacent text box. Using this table, Squid can be configured to listen on as many ports as you like.

ICP is a protocol used by Squid to communicate with other proxies in a cluster. Fill in the ICP port field to listen on a port other than the default of 3130 for ICP. This is not generally necessary, however, as only other proxies ever use this protocol. Squid will normally accept ICP connections on any IP address. To change this, select the second radio button in the Incoming UDP address field and enter one of your system's interface IPs into its text field. This can be useful if all of the other proxies that your server might want to communicate with are on a single internal LAN.

With my configuration, I set the IP address to 10.12.1.149 and the port to 8080. This procedure made the following changes in the Squid config file /etc/squid/squid.conf:

http_port 10.12.1.149:8080
icp_port 3130

2.3. Access Control Lists:

An ACL is simply a test that is applied to a client request to see if it matches or not. Then, based on the ACLs that each request matches, you can choose to block it, prevent caching, force it into a delay pool, or hand it off to another proxy server. Many different types of ACL exist: for example, one type checks a client's IP address, another matches the URL being requested, and others check the destination port, web server hostname, authenticated user, and so on.

From the Webmin Squid module, choose Access Control Lists and create the desired ACLs. I created the following ACLs for the sake of testing:

Acl name       Type                  Includes
Denyed-sites   Web server hostname   .msn.com, .webmin.com, .download.com
ftp            ftp
Internal       Client Address        10.12.0.0-10.12.255.254

In my case I just created a proxy restriction that allows access from the internal network clients, prevents access to the web servers in denyed-sites (.webmin.com, .msn.com, .download.com), and prevents access to ftp sites. So I set the action to Allow, with:

Match ACLs: internal ACL
Don't match ACLs: ftp, denyed-sites ACLs

Then I moved my ACL up to be above the last default "deny all" rule.

2.4. Connecting to Other Caches:

I set up my Squid server to consider the computer center proxy server 10.12.0.32:80 as a parent server, and my configuration caused the following change in /etc/squid/squid.conf:

cache_peer 10.12.0.32 parent 80 3130

The full book can be found at http://www.lulu.com/content/562591
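The following squid.conf fragment is an added example, not text from the book or output of Webmin: it writes out by hand the configuration that sections 2.1 to 2.4 describe, so the port, ACL, access-rule ordering and parent-cache settings can be read in one place. The ACL names, addresses, ports and domains come from the report; the mapping of Webmin's ACL types to Squid keywords (dstdomain, src, proto), the cache_dir layout and the "acl all" line are assumptions and are marked as such in the comments.

```conf
# Added example (not from the book): /etc/squid/squid.conf fragment
# equivalent to the Webmin settings described in sections 2.1 to 2.4.
# Lines marked "assumption" are not taken from the report.

# 2.2 Ports and networking (values from the report)
http_port 10.12.1.149:8080
icp_port 3130

# 2.1 Cache: 1 GB in /var/spool/squid, running as user squid.
# cache_dir size is in MB; the ufs/16/256 layout is an assumption (Squid defaults).
cache_dir ufs /var/spool/squid 1000 16 256
cache_effective_user squid

# 2.3 ACL definitions (names and values from the report).
# Assumption: Webmin's "Web server hostname" type is dstdomain, "Client Address"
# is src, and the "ftp" ACL is the URL protocol type (proto).
# A leading dot in dstdomain matches the domain itself and every subdomain.
# "acl all" is the Squid 2.x convention; newer versions predefine it.
acl all src 0.0.0.0/0.0.0.0
acl internal src 10.12.0.0-10.12.255.254
acl denyed-sites dstdomain .msn.com .webmin.com .download.com
acl ftp proto FTP

# Proxy restriction: allow internal clients, except ftp and the denied sites.
# Webmin's "Don't match ACL" becomes a "!" prefix. http_access rules are
# evaluated top to bottom and the first matching rule wins, which is why the
# allow rule must sit ABOVE the final "deny all" (the "move the rule up" step).
http_access allow internal !ftp !denyed-sites
http_access deny all

# Wrong order (kept only as a comment): with "deny all" first, the allow line
# is never reached and every client, internal or not, is refused.
# http_access deny all
# http_access allow internal !ftp !denyed-sites

# 2.4 Parent cache: computer center proxy on HTTP port 80, ICP port 3130
cache_peer 10.12.0.32 parent 80 3130
```

After editing the file, `squid -k parse` checks the syntax without touching the running proxy, and `squid -k reconfigure` applies it; a request from an internal client to a host under .msn.com, or to any ftp:// URL, is then answered with an access-denied page, while other web requests are forwarded through the parent at 10.12.0.32.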