TurnKey Linux Virtual Appliance Library

Request: Proxy Firewall appliance

Ricardo Malheiros Guedes's picture

Congratulations to all of the Turnkey for the excellent work, I'm working with Tomcat, Postgres, and Samba PDC, easy to install and configure, very good, my suggestion would be for a Proxy with web caching, URL filtering and firewall, with the possibility of control of users through access groups.

Thank you for your attention.

 

Liraz Siri's picture

Suggestions for which open source software to use?

Good idea. I've created a new blueprint for this. If we can get the community to help us figure out what's the best open source software to use for this usage scenario there's a good chance this will make it into the next release batch.

 

Jeremy's picture

Squid seems to be the proxy of choice

From my travels online Squid seems to be the proxy of choice. FI'm pretty sure Squid offers web caching too. I would be inclined to go with that given its popularity (and its in the Ubuntu repos) unless of course there is a good case for something else . I have plans to play with it, but like many projects, its been on the backburner. If I end up doing anything about it I'll definately share my findings on the dev wiki whiteboard.

This suggestion goes further than I was planning on going but I like it lots.

Ricardo Malheiros Guedes's picture

Let's put fuel on the fire

Squid is actually the best and has many communities on the subject, I currently use the IPCOP, the PFSENSE and SMOTHWALL and firewall solutions, because each has specific characteristics in order to match the needed all of the users, a appliance with the merger of these three would be the maximum. A major problem faced by users of Squid is a friendly graphical interface for creating rules for access and control access by groups, the famous ACLs. I'm no expert, but would like to share my experiences and issues for the project to go forward.
Thanks...

Ricardo M. Guedes

System Analyst, Network Administrator.

 

Another interested party

I could really use this at the community radio station I sysadmin and am willing to do what I can. Is ongoing communication happening here? Also, are we branching another appliance, like LAMP/LAPP? I don't see a branch in the blueprint.

Liraz Siri's picture

We developed TKLPatch to make it easier to do this

Thanks for the interest John. I guess the easiest way to get involved would be by trying to get a prototype up and running on top of TurnKey Core using TKLPatch.

I recommend SafeSquid

I would like to recommend SafeSquid, as the content filter cum proxy. SafeSquid is multi-threaded, so SMP will never be an issue. It has a integrated browser-based interface, besides all the features one would normally want for authentication, reports, etc. Though it does not have a full-fledged QoS, it does have a user-limits feature that allows pre-setting of caps. It has excellent features for managing content cache, filtering policies, etc. It also has integrated client for ClamAV Daemon and other ICAP based content security applications. The interface is rendered by an XML file, and all the error templates are completely customisable, so customising for different languages, shouldn't be too difficult. Unlike Squid, SafeSquid isn't open-source though. But then technical support for production environments is assured, and that's what counts the most for me.

Jeremy's picture

Sounds good but...

As its not Open Source I don't imagine TKL will be making such an appliance (although I can't speak for Alon and Liraz).

It does sound like its got some great features though so there's nothing stopping you from developing a SafeSquid server on top of TKL Core. Others may be interested too so perhaps document your experience so others can share the fun!

I checked the blueprint for

I checked the blueprint for this idea but did not see many suggestions.

So i'll try to help.

Here are the standards for a good Linux proxy server give or take one or two depending on the application of the server...

Squid - (proxy for the Web supporting HTTP, HTTPS, FTP, and more)

Dansguardian - (Open Source web content filter which currently runs on Linux)

Clam AV - (open source (GPL) anti-virus toolkit for UNIX)

Bannerfilter - (blocks advertising banners on the Web)

SARG - (Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet.)

As for the firewall IPCop is a one of the best I have used as far as easy of use.

Hope this helps and look foward to seeing this in the future releases

Thanks for the read.

WOW

What a great idea!

I would pay for a turn key solution like this!

My first take at it

I've made a TKLPatch based on what I readed here from you guys. Please test this TKLPatch and make suggestions based on your experience.

 

http://www.turnkeylinux.org/forum/general/20100920/tklpatch-web-filter-proxy

@MP: Should I send you me paypal account? :P 

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)