[ previous ] [ next ] [ threads ]
 
 From:  "Frans Jonathan King" <kingf at f333 dot net>
 To:  "'Jason Crowley'" <jcrowley at kc dot rr dot com>
 Cc:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Web Proxy Service for m0n0wall
 Date:  Mon, 17 May 2004 23:56:35 +0100
-----Original Message-----
From: Jason Crowley [mailto:jcrowley at kc dot rr dot com] 
Sent: 17 May 2004 23:32
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: [m0n0wall-dev] Web Proxy Service for m0n0wall

Hello all,

I've been working on adding a web proxy service to m0n0wall for access
control and logging purposes.  This service is an integral part of many
firewall packages, and I think it would be a good addition to m0n0wall.
I currently have a rough build of the service running on version 1.0.  I
want to get some feedback from you all, especially Manuel.  Do you think
this would be a valueable addition to the m0n0wall package?  Should I
continue to build it as a part of m0n0wall or should I attempt to make
it a separate loadable module.  Of course it would be much easier for me
to build it as part of m0n0wall.  Thanks!

Screenshots:  
http://home.kc.rr.com/innonet/services_webproxy.jpg
http://home.kc.rr.com/innonet/services_webproxy_rules.jpg
http://home.kc.rr.com/innonet/services_webproxy_rules_edit.jpg
http://home.kc.rr.com/innonet/services_webproxy_acls.jpg
http://home.kc.rr.com/innonet/services_webproxy_acls_edit.jpg
http://home.kc.rr.com/innonet/services_webproxy_users.jpg
http://home.kc.rr.com/innonet/services_webproxy_users_edit.jpg

Image for Soekris net45xx
http://home.kc.rr.com/innonet/net45xx-1.0-webproxy.img

One caveat:  In order for the web proxy service to work, you must have a
DNS server setup.  If you don't receive DNS servers from DHCP on your
WAN interface, you'll have to add them manually in the general setup
page.  

I'm sure there are bugs and I know I need to do a lot on the
documentation side.  The web proxy is based on Squid
(http://www.squid-cache.org); you can find some documentation there.
You need to point your browser to port 3128 on your m0n0wall box to use
the service.  

Let me know what you think.  

Jason Crowley
Innovative Networks


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch


Jason, 

As regards needing to configure each client to use the proxy m0n0wall really
needs inbuilt support for "redirects" such as:

'All outbound traffic on port 80 should be redirected to x.x.x.x port 3128'

That way we can set up transparent proxies and such like. 

The proxy looks neat (from the pics) but I would recommend trying to develop
it as a module to keep the purists happy. 

Regards,

Frans