# Proxy/Gateway

## 102039

Hello,

In our company (approx. 120 Windows clients) we want to replace our Kerio Winroute Firewall gateway/proxy server with something Linux(/Gentoo) based. It is important that the solution has a proxy included because we only have a DSL connection to provide internet to our 120 Windows clients.

I just have no idea for a concept yet: which software to use (squid?) and how to implement it. So maybe someone can suggest guides for a setup?

----------

## radulucian

I guess that solution is so default that nobody bothered to answer yet.

Here is what I suggest: use the default Gentoo installation guide, add squid, then eventually add some filtering and content manager layers (search the forums for options).

Also, you might want to consider a nice firewall that supports routing (just in case), and I would suggest shorewall for this.

The best way to see what the best solution is, is to install it and start testing it. You will get caught up in it really fast and you will get to your dream proxy in no time.

If you need more specific info, just say precisely what you need.

----------

## 102039

Is there already software available which integrates a squid proxy in a complete firewall/gateway/proxy solution?

----------

## think4urs11

 *Wurstteppich wrote:*   

> Is there already a software available which integrates a squid proxy in a complete firewall/gateway/proxy solution ?

 

Please specify precisely what you mean/need, otherwise the most obvious answer would be 'brain + emerge'.

All you most probably need would be squid+iptables as a first start (plus configuration for both, of course).

Additionally you could check out e.g. squidGuard, dansguardian, some GUI for iptables like fwbuilder or shorewall, calamaris to have some statistics out of squid, etc.

----------

## 102039

 *Think4UrS11 wrote:*   

> *Wurstteppich wrote:*
>
> > Is there already a software available which integrates a squid proxy in a complete firewall/gateway/proxy solution ?
> 
> please specify precisely what you mean/need, otherwise the most obvious answer would be 'brain + emerge'  
> 
> All what you most probably need would be squid+iptables as a first start (plus configuration for both of course)
> ...

 

OK, I will try. I basically need the functions of Kerio Winroute Firewall, except for the VOIP and VPN functionality. It is important that firewall rules and maybe also the proxy can be configured with a GUI, since we have 3 (including me) Linux users/admins here, but the other two admins are only aware of Windows server environments, so if they need to adjust rules they won't be able to do that by using a Linux console.

Like I already mentioned, we used Kerio Winroute Firewall (or AVM Ken when the company was a little bit smaller) as an internet proxy/gateway.

Please let me know if you need more information and thanks for the answers!

----------

## lesourbe

Did you take a look at the IPCOP distro?

It may simply do what you need, though it's not Gentoo.

----------

## think4urs11

 *Wurstteppich wrote:*   

> I basically need the functions of Kerio Winroute Firewall, except for the VOIP and VPN functionality.

 

OK, so I'll try to translate between Kerio's homepage 'main features' and Linux; just some keywords for your detailed search, though.

Deep inspection firewall

iptables with fwbuilder as frontend for administration (there's a Windows client GUI available)

Antivirus gateway protection

done with clamav

- for web content: squid with redirector to clamav

- for mail content: maybe plain fetchmail and/or setting up a dedicated mail server on the box

Surf protection

Dansguardian

Not sure whether or not any kind of GUI is available for that. Should not really be needed after setup is done, though.

Updating the content categories can be scheduled via cron from existing community-driven databases/lists.

Content filtering

combination of squid+dansguardian+iptables

squid configuration done via webmin and its squid module

User-specific access management

squid with acls so that your users need to authenticate with userid/password

acl config as above with webmin

maybe with ldap backend

Administration, alerts and statistics

calamaris for squid (web surfing) statistics, snmp/mrtg for more general traffic statistics

ssmtp or dedicated mailserver for alerting

HTH

T.
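
The "user-specific access management" item above (squid ACLs that make users authenticate with userid/password), sketched as a `squid.conf` fragment. This is an added example, not part of the post; the LAN range, listen address, helper path (Squid 3.x naming), password file and cache directory are assumptions to adapt.

```conf
# squid.conf fragment: constructed example, not from the thread.
# Assumed: LAN 192.168.1.0/24, gateway LAN address 192.168.1.1,
# Squid 3.x or later (helper name and path vary by version/distribution).

# Listen only on the LAN-facing address, never on the DSL interface,
# so the box cannot be used as an open proxy from the internet.
http_port 192.168.1.1:3128

# Basic authentication against an htpasswd-style file.
# Basic auth is only base64-encoded on the wire, so use passwords that
# are not reused for anything else. For an LDAP backend, swap the
# helper for basic_ldap_auth.
auth_param basic program /usr/libexec/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Company proxy
auth_param basic credentialsttl 2 hours

acl lan src 192.168.1.0/24
acl authenticated proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 80 21 443
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports           # no proxying to arbitrary ports
http_access deny CONNECT !SSL_ports    # no tunnelling except to 443
http_access deny !lan                  # only clients from the LAN
http_access allow authenticated        # and only with valid credentials
http_access deny all                   # explicit default deny

# Disk cache to save bandwidth on the DSL line (size in MB).
cache_dir ufs /var/cache/squid 10000 16 256
```

`squid -k parse` checks the file for syntax errors before the service is restarted.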

----------

## alterself.com

http://www.smoothwall.org

SMOOTHWALL!!!

----------

