Advice - Squid Proxy

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Advice - Squid Proxy

Squid users-2
The attached configuration is currently in use on my computer.

My aim is to use my laptop while I'm out and about (libraries, work etc) and when I'm at home have my TV and Phone connect into the proxy server.  This would allow caching by any device to my laptop so I'm minimising my connections outbound.

I also want it to record use by other people so I can monitor my internet use at home.

As you can see I run bitdefender parental control on my computer. Would it be possible for someone to manipulate the proxy server to bypass this? Could the proxy server be used to hide / obscure actual sites visited?

Can anyone point out any flaws or issues.....

Thanks

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

layout2.jpg (77K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Advice - Squid Proxy

Antony Stone
On Wednesday 19 December 2018 at 13:22:57, Squid users wrote:

> The attached configuration is currently in use on my computer.

It isn't a network diagram; I'm not quite sure what to describe it as, but I
don't even see where Squid is on there.

> My aim is to use my laptop while I'm out and about (libraries, work etc)
> and when I'm at home have my TV and Phone connect into the proxy server.
> This would allow caching by any device to my laptop so I'm minimising my
> connections outbound.

So, Squid runs on your laptop?

What are the phone and TV supposed to do when the laptop isn't there?

> I also want it to record use by other people so I can monitor my internet
> use at home.

Define "use".  What level of detail do you want to record?

> As you can see I run bitdefender parental control on my computer. Would it
> be possible for someone to manipulate the proxy server to bypass this?
> Could the proxy server be used to hide / obscure actual sites visited?

Show us a rather more conventional network diagram, which shows how packets
get to & from the Internet, and what filters / firewalls are in place between
different bits of equipment, and we might be able to asnwer this.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Advice - Squid Proxy

Squid users-2
Hi,

Re network diagram - Mish Mash / blended / spaghetti  I think :p

Squid is installed on the Ubuntu virtual machine. Sorry forgot to draw that on.

The phone connects to mobile internet when out of the house, then reverts back to going via squid proxy when my laptop wifi is turned on. The phone detects my laptop and connects accordingly. The phone reconfigures to go via proxy when it connects to my laptop.

As for the TV - yeah my laptop needs to be in the house for that to work.

Internet Use - I'm happy to record websites called by 'user' so for example:
Tv=user1
Phone=user2
Laptop user=user3
Then each family member with their own user id /password.
I've configured this bit already

I have set my home internet router to only allocate my laptop mac a DHCP address....

I'll draw a better diagram later today.
I may have gone a bit overboard with the control and monitoring :s

Thanks

-----Original Message-----
From: squid-users <[hidden email]> On Behalf Of Antony Stone
Sent: 19 December 2018 13:19
To: [hidden email]
Subject: Re: [squid-users] Advice - Squid Proxy

On Wednesday 19 December 2018 at 13:22:57, Squid users wrote:

> The attached configuration is currently in use on my computer.

It isn't a network diagram; I'm not quite sure what to describe it as, but I don't even see where Squid is on there.

> My aim is to use my laptop while I'm out and about (libraries, work
> etc) and when I'm at home have my TV and Phone connect into the proxy server.
> This would allow caching by any device to my laptop so I'm minimising
> my connections outbound.

So, Squid runs on your laptop?

What are the phone and TV supposed to do when the laptop isn't there?

> I also want it to record use by other people so I can monitor my
> internet use at home.

Define "use".  What level of detail do you want to record?

> As you can see I run bitdefender parental control on my computer.
> Would it be possible for someone to manipulate the proxy server to bypass this?
> Could the proxy server be used to hide / obscure actual sites visited?

Show us a rather more conventional network diagram, which shows how packets get to & from the Internet, and what filters / firewalls are in place between different bits of equipment, and we might be able to asnwer this.


Antony.

--
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."


                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Advice - Squid Proxy

Antony Stone
On Wednesday 19 December 2018 at 16:04:36, Squid users wrote:

> Hi,
>
> Re network diagram - Mish Mash / blended / spaghetti  I think :p
>
> Squid is installed on the Ubuntu virtual machine. Sorry forgot to draw that
> on.

So, Squid is installed on an Ubuntu VM, which runs on your laptop?

> The phone connects to mobile internet when out of the house, then reverts
> back to going via squid proxy when my laptop wifi is turned on. The phone
> detects my laptop and connects accordingly. The phone reconfigures to go
> via proxy when it connects to my laptop.

So, the phone is either - direct connection via mobile Internet access, or via
Squid and your home Internet connection - no way for the phone to use the
Internet connection without going via Squid?

> As for the TV - yeah my laptop needs to be in the house for that to work.

Okay.

> Internet Use - I'm happy to record websites called by 'user' so for
> example: Tv=user1
> Phone=user2
> Laptop user=user3
> Then each family member with their own user id /password.
> I've configured this bit already

Configured it in Squid, so users have to authenticate there to get access?

> I have set my home internet router to only allocate my laptop mac a DHCP
> address....

So, where do any other devices (phone, TV, the three VMs) get their IP
addresses from?  They must have them, otherwise they couldn't communicate with
Squid...  What do these devices have as a gateway address?

> I'll draw a better diagram later today.

Okay.

> I may have gone a bit overboard with the control and monitoring :s

Yes, maybe :)


Antony.

--
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Advice - Squid Proxy

Squid users-2
> So, Squid is installed on an Ubuntu VM, which runs on your laptop?
Correct

> So, the phone is either - direct connection via mobile Internet access, or via Squid and your home Internet connection - no way for the phone to use the Internet connection without going via Squid?
Yeah - however I use bitdefender on top of squid. Once the phone detects and connects to my laptop it then uses the proxy server

> Configured it in Squid, so users have to authenticate there to get access?
Yeah - I have an ACL running in Squid

> So, where do any other devices (phone, TV, the three VMs) get their IP addresses from?  They must have them, otherwise they couldn't communicate with Squid...  What do these devices have as a gateway address?
I use dhcp allocated from ubuntu, the gateway address that’s broadcast is my Ubuntu address.


 I'm writing this and thinking I've gone a bit Orwellian. Still I think I've covered the bases. I was toying with the idea of running Asterix off my laptop too, but I figured I'd start with this project.

-----Original Message-----
From: squid-users <[hidden email]> On Behalf Of Antony Stone
Sent: 19 December 2018 16:17
To: [hidden email]
Subject: Re: [squid-users] Advice - Squid Proxy

On Wednesday 19 December 2018 at 16:04:36, Squid users wrote:

> Hi,
>
> Re network diagram - Mish Mash / blended / spaghetti  I think :p
>
> Squid is installed on the Ubuntu virtual machine. Sorry forgot to draw
> that on.

So, Squid is installed on an Ubuntu VM, which runs on your laptop?

> The phone connects to mobile internet when out of the house, then
> reverts back to going via squid proxy when my laptop wifi is turned
> on. The phone detects my laptop and connects accordingly. The phone
> reconfigures to go via proxy when it connects to my laptop.

So, the phone is either - direct connection via mobile Internet access, or via Squid and your home Internet connection - no way for the phone to use the Internet connection without going via Squid?

> As for the TV - yeah my laptop needs to be in the house for that to work.

Okay.

> Internet Use - I'm happy to record websites called by 'user' so for
> example: Tv=user1
> Phone=user2
> Laptop user=user3
> Then each family member with their own user id /password.
> I've configured this bit already

Configured it in Squid, so users have to authenticate there to get access?

> I have set my home internet router to only allocate my laptop mac a
> DHCP address....

So, where do any other devices (phone, TV, the three VMs) get their IP addresses from?  They must have them, otherwise they couldn't communicate with Squid...  What do these devices have as a gateway address?

> I'll draw a better diagram later today.

Okay.

> I may have gone a bit overboard with the control and monitoring :s

Yes, maybe :)


Antony.

--
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users