In the following handbook we will show you how to install and configure Squid acting as a transparent proxy server and DansGuardian for content filtering on a FreeBSD system.
Squid is a caching proxy server, which is used for reducing network bandwidth usage and accelerating the web content.
From the official site of Squid:
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
For more information about Squid, please visit the official website of Squid.
In the second part of the handbook we will see how to install and configure DansGuardian - a web content filtering system.
From the official site of DansGuardian:
DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.
For more information about DansGuardian, please visit the official site of DansGuardian.
The goal of this handbook is to build a FreeBSD gateway machine that acts as a Squid and DansGuardian content filtering server.
This setup has been tested and confirmed to be running successfully on a FreeBSD 8.2 system. The important thing about our setup is that our firewall and gateway are running on the same machine as Squid and DansGuardian are, in order to have transparent proxy capabilities.
The first part of the handbook covers the installation and configuration of Squid.
In order to install Squid we will use the FreeBSD Ports Collection.
Let's start with the installation of Squid:
# cd /usr/ports/www/squid && make install clean
During the installation of Squid in this handbook the following options were selected.
Once the installation of Squid is over you should see something similar:
===> post-installation information for squid-2.7.9_1: o You can find the configuration files for this package in the directory /usr/local/etc/squid. o The default cache directory is /var/squid/cache. The default log directory is /var/squid/logs. Note: You must initialize new cache directories before you can start squid. Do this by running "squid -z" as 'root' or 'squid'. If your cache directories are already initialized (e.g. after an upgrade of squid) you do not need to initialize them again. o The default configuration will deny everyone but local networks as defined in RFC 1918 access to the proxy service. Edit the "http_access allow/deny" directives in /usr/local/etc/squid/squid.conf to suit your needs. To enable Squid, set squid_enable=yes in either /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid Please see /usr/local/etc/rc.d/squid for further details. Note: If you just updated your Squid installation from 2.6 or earlier, make sure to check your Squid configuration against the 2.7 default configuration file /usr/local/etc/squid/squid.conf.default. Additionally, you should check your configuration by calling 'squid -f /path/to/squid.conf -k parse' before starting Squid. ===> Compressing manual pages for squid-2.7.9_1 ===> Registering installation for squid-2.7.9_1 ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/sbin/squid This port has installed the following startup scripts which may cause these network services to be started at boot time. /usr/local/etc/rc.d/squid If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://www.squid-cache.org/ ===> Cleaning for squid-2.7.9_1
Now that Squid is installed we can go to the next step and configure it.