Proinnsias Breathnach wrote:
> On Wed, Mar 09, 2005 at 12:12:32AM +0000, conor.daly at cod.utvinternet.com wrote:
>>>Eeek! Now that the kids are starting to want to go surfing, I'm working
>>on a dansguardian / squid setup for the HAN.
>> <snip>
>>>So, is there anything I can do to get smoothwall either
>>>>1. Use my internal dans/squid proxy transparently
>>2. Block relevant ports outbound so that a manual proxy config will be
>> needed.
>>>> On the smoothwall: try putting this in the /etc/dhcpd.conf - it should
> work for both linux and win clients - but I've only used it on winXP
> ones :(
>> subnet 192.168.X.0 netmask 255.255.255.0
> {
> option subnet-mask 255.255.255.0;
> option domain-name "mydomain.home";
> option routers 192.168.X.1;
> option domain-name-servers 192.168.X.2;
> option option-252 "http://proxy.mydomain.home/proxy.pac\n" ;
> range dynamic-bootp 192.168.X.50 192.168.X.250;
> default-lease-time 86400;
> max-lease-time 86400;
> }
>> and the http://proxy.mydomain.home/proxy.pac file should be :
>> ---------------8<------------------
> function FindProxyForURL(url, host)
> {
> if (isInNet(host, "192.168.X.0", "255.255.255.0")) {
> return "DIRECT";
> } else {
> if (shExpMatch(url, "http:*"))
> return "PROXY proxy.mydomain.home:3128" ;
> if (shExpMatch(url, "https:*"))
> return "PROXY proxy.mydomain.home:3128" ;
> if (shExpMatch(url, "ftp:*"))
> return "PROXY proxy.mydomain.home:3128" ;
> return "DIRECT";
> }
> }
> ---------------8<------------------
>>> P
Another way to tell the windows client where to search for the
"proxy.pac" or "wpad.dat" is to set up a DNS alias named
"wpad.$yourdomain". It is the default behaviour to search for this
hostname and look for the named file in the webroot of that server.
Something to read:
Configure Firewall and Web Proxy Client Autodiscovery in Windows 2003
(Microsoft - KnowledgeBase Artikel 816320)
http://support.microsoft.com/default.aspx?scid=kb;en-us;816320
WinHTTP AutoProxy Support
(Microsoft - Platform SDK: Windows HTTP Services (WinHTTP))
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/winhttp_autoproxy_support.asp
Automatic configuration file format
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#netscape-pac
Configuring Browsers for WPAD
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.10
Configuring Browsers for WPAD with DHCP
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.11
Microsoft Proxy Server 2.0 - Direct IP Authentication
http://wwwcache.ja.net/servers/proxy/directip.html
CU
Regards,
Achim Dreyer
--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
Tel.: +49 5247 / 406987-2 || http://www.adreyer.com/
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
