DaemonForums  

#1
15th July 2010
sharris
Dansguardian-ClamAV-Squid ?

This is basically my home LAN setup. I have a gateway running PF. I read that the only program that should run on a Packet Filtering machine is Packet-Filter. Here I found this how-to "Dansguardian Setup with ClamAV Content Filtering & Squid Transparent Proxy". Should I use an additional machine and insert it between the Packet-Filter gateway and the internal LAN and install these programs on that machine? I think the machine will need two ETHERNET cards just like the gateway and then I add two cross-over cables to make the connection. Is this about right? Later I want to ssh and ipsec to the LAN from a laptop for practice, so are there other programs I need to install so it will be ready? If so, would it be OK to install these types of other programs to the new Dansguardian machine (making it like an all-in-one IDS system)?

Code:
Machine-1      FreeBSD 8.0-i386             Gateway-pf Firewall
Machine-Proxy  Dansguardian-ClamAV-Squid
Machine-2      Windows XP                   Mainly for internet Access
Machine-3      FreeBSD 8.0-AMD              Webserver + e-mailserver
Machine-4      Partitions for KVM and ESX   To study both KVM and ESX
See attachment:
Thanks
Attached file: Dgn-Clam-Squid.pdf

#2
20th July 2010
phoenix

If your firewall has enough RAM/CPU, I'd put the proxy on there. It's a lot easier to configure and manage (just redirect port 80 traffic to localhost:8080).

Otherwise, you can put it on a separate machine. Only 1 NIC is required. You have two options for configuring it:
  1. set the defaultrouter for all the clients on the LAN to the IP of the proxy server; add firewall rules that redirect port 80 traffic to localhost:8080
  2. use PF redirect rules on the main firewall to redirect outgoing port 80 traffic to the proxy on port 8080 (the dg port)
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
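
The redirect described in the reply above, written out as a pf.conf sketch. This is an added example, not part of the original posts; the interface names, subnet and proxy address are assumptions, and the syntax is the separate rdr/nat form used by PF on FreeBSD 8.0.

```pf
# Added example: transparent HTTP redirect to Dansguardian (port 8080).
# All names and addresses below are assumptions; adjust to the real LAN.
ext_if  = "em0"              # assumed WAN interface
int_if  = "em1"              # assumed LAN interface
lan_net = "192.168.1.0/24"   # assumed LAN subnet
proxy   = "192.168.1.10"     # assumed address of a separate proxy machine

set skip on lo0

# --- translation (first matching rule wins) ---
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Case A: Dansguardian runs on the firewall itself.
# LAN clients' port 80 traffic is rewritten to localhost:8080.
rdr on $int_if inet proto tcp from $lan_net to any port 80 \
    -> 127.0.0.1 port 8080

# Case B (instead of Case A): proxy on its own machine, one NIC, same LAN.
# 1. Exempt the proxy's own outbound fetches, or they loop back to it.
# 2. Redirect everyone else's port 80 traffic to the proxy.
# 3. NAT on the LAN side so the proxy replies via the firewall; without
#    this the proxy answers the client directly and the client resets
#    the connection because the reply comes from an unexpected address.
#no rdr on $int_if inet proto tcp from $proxy to any port 80
#rdr on $int_if inet proto tcp from $lan_net to any port 80 \
#    -> $proxy port 8080
#nat on $int_if inet proto tcp from $lan_net to $proxy port 8080 \
#    -> ($int_if)

# --- filtering ---
# Filter rules see the packet after translation, so the pass rule names
# the rewritten destination, not the original web server.
pass in on $int_if inet proto tcp from $lan_net to 127.0.0.1 port 8080
# (remaining filter rules for the gateway are omitted here)
```

Only TCP port 80 is intercepted, so HTTPS on port 443 passes through unfiltered. In Case B the proxy sees every client as the firewall's LAN address, so Dansguardian's per-client logs lose the real source address.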

#3
20th December 2010
plexter

Unless you're running an enormous amount of traffic through your home network, installing on the same box should be fine.

I recommend you run local DNS too.