From owner-freebsd-questions@FreeBSD.ORG Thu Oct 13 16:39:41 2005 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6AF1816A421 for ; Thu, 13 Oct 2005 16:39:41 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id C69AF43D53 for ; Thu, 13 Oct 2005 16:39:40 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by zproxy.gmail.com with SMTP id z31so369008nzd for ; Thu, 13 Oct 2005 09:39:40 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=PCbfFIY9Ge6nqlcgWPjzvPOJs2jBSp4w4Su+NWEdFM/C48ah5pX0PNGXYIttQnFtPf4EOHxbs2yYTf/TK2CccIYxMEK7x6FeSBS1XlocnElXf3DmcofraMqAkgPBT6gOMPHA8nm7FAtNen7Cx4FG70lPItNXV3bEwWVxJ+JqWuM= Received: by 10.36.148.2 with SMTP id v2mr2579573nzd; Thu, 13 Oct 2005 09:39:39 -0700 (PDT) Received: by 10.37.20.34 with HTTP; Thu, 13 Oct 2005 09:39:39 -0700 (PDT) Message-ID: Date: Thu, 13 Oct 2005 20:39:39 +0400 From: "Andrew P." To: Dave In-Reply-To: <000b01c5d000$9f269350$0900a8c0@satellite> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <000b01c5d000$9f269350$0900a8c0@satellite> Cc: FreeBSD Questions Subject: Re: proxy server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2005 16:39:41 -0000 On 10/13/05, Dave wrote: > Hi, > I've been checking out this thread on squid. I've got squid right now doi= ng > transparent proxying with pf and that is working reat! But i'd like to > extend it to do what your doing: > ftp-proxying, currently i use ftp-proxy out of inetd and only passive cli= ent > connections from behind the nat work, active doesn't > addblocking, i'll take your suggestion and use adzap > and i'd like to use dansguardian for content filtering, but it requires > apache on the gateway box i don't know if i like that, is there a way aro= und > that dependency? > Do you have a howto or notes for setting all this up? > Thanks. > Dave. > Not really. In fact it wasn't me who set this all up, I just happen to manage it all now. You'll have to read through all squid faqs to make it shine. Adzap doesn't require anything at all (except for perl, of course), but it doesn't harm if you have a local webserver to serve some static content. thttpd is the right solution for this, but Apache won't hurt even on a very loaded production server. You'll also want to process squid logs. If you have a spare box - that's fine, you can do it all there. But we've found it quite comfortable to do all processing on the proxy itself, in the night. We use calamaris and sarg (and it helps to have apache on the proxy, to the results), and we're looking at other analyzers, too. I don't remember any major problem with our proxy (except for some failing hardware), there's nothing tricky in setting it up and maintaining it. If you'll have a specific issue, I'll be very glad to try and help you out. Cheerz, Andrew P.