Advanced Proxy Server


1- We assign the DNS IP address on the Squid machine.

2- Then we set the gateway provided by the ISP.

3- And this is the IP address that we assign to the Squid proxy machine.

4- Install Squid with YaST.

5- After that, we configure the file squid.conf.

6- First, we configure the port that clients use to reach the proxy.

7- After that, we set the size of the memory cache in RAM.

8- Then, to enable the disk cache at this path, delete the # and set the numbers according to your needs.

9- Now we create an access list like below.

10- After that, we apply a rule to the ACL that we created.

11- Then restart the Squid service.

12- And use the command below to update the cache.

13- A client that uses Squid can ping only the interface it is connected to.

14- After that, we need to configure the Squid port in the client's web browser.

15- Then the client can access the Internet through the proxy.

16- Now, to deny a client access to the Internet, we need to apply a rule to the ACL like below.

17- After that, restart the Squid service again; when the client accesses the Internet, it shows this.

18- Now, to block our clients from using http://www.yahoo.com, we need to create a rule like this in the access list.

19- After that, we apply a rule to the ACL we created, to block the Yahoo website for clients.

20- Now when we access yahoo.com, it shows this.

21- And now, to block clients from downloading .exe files through the proxy, we need to create an access list and then apply a rule to it, like below.

22- Now the client downloads a .exe file from the Internet, like below.

23- After clicking on the .exe download, the web page shows this.

24- When installing SquidGuard, it needs the dependencies shown below.

25- Then install the dependencies with YaST, like below.

26- Then we install SquidGuard again and it succeeds, like below.

27- And we disable this security line in Squid so that the rule can take effect for clients.

28- Then we run vi /etc/squidguard.conf and write content like below.

29- Then we change the owner of the directory to user squid, like below.

30- Then we edit the file squid.conf and write the line like below so that Squid uses SquidGuard.

31- Then we use the command squidGuard -C all to create the .db files.

32- Then it creates the *.db files automatically, like below, and we change their owner to squid.

33- Now we take this website from the blacklist and access it from the client's web browser.

34- When the website from the blacklist is accessed, it is redirected automatically to timetables.cist.lan, like below.

35- Now we extract the shallalist file to the path below.

36- After extracting, we see the files, grouped by type, in the folder BL.

37- Then we add lines to the file squidguard.conf like below.

38- Then we use the command squidGuard -C all to create the files domains.db and urls.db.

39- Now we change the owner of the .db files to user squid with chown.

40- Then Google Talk can no longer log in, like below.

41- To limit the download speed allowed for a client IP address through our Squid proxy, add the lines below to the file squid.conf.

delay_pools 1
delay_class 1 1
delay_parameters 1 1024/2048
delay_access 1 allow LAN_10_2

42- Then when we download, we see the speed in DU Meter, or by watching the progress of the file download from the website that links to the package.
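
An added example (not the author's configuration) of how steps 6 to 21, 28, 30 and 37 could look in the two configuration files. The port, cache values, file paths, the address behind LAN_10_2, the ACL names block_yahoo and block_exe, and the chat category are assumptions.

```conf
# ---- /etc/squid/squid.conf (added example, not the author's file) ----
# Steps 6-8: port, cache size and cache path are assumed values.
http_port 3128
cache_mem 64 MB
cache_dir ufs /var/cache/squid 100 16 256

# Steps 9, 18 and 21: ACL definitions. LAN_10_2 is the name the page uses;
# its address and the other two ACL names are assumptions.
acl LAN_10_2 src 10.1.1.2
acl block_yahoo dstdomain .yahoo.com
# Matches .exe at the end of the path, also when a query string follows.
acl block_exe urlpath_regex -i \.exe(\?.*)?$

# Steps 10, 19 and 21: http_access lines are checked top to bottom and the
# first match decides, so the deny rules must sit above the LAN allow rule.
http_access deny block_yahoo
http_access deny block_exe
http_access allow LAN_10_2
# Final catch-all: anything not explicitly allowed is refused.
http_access deny all

# Step 30: pass each request to squidGuard (binary path assumed).
url_rewrite_program /usr/sbin/squidGuard -c /etc/squidguard.conf

# ---- /etc/squidguard.conf (added example, not the author's file) ----
# dbhome is the directory the BL folder was extracted into (assumed path).
dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard

# One Shalla List category as a destination group (category is an example).
dest chat {
    domainlist BL/chat/domains
    urllist    BL/chat/urls
}

# Block that category for everyone, allow the rest, and send blocked
# requests to the host named on the page.
acl {
    default {
        pass !chat all
        redirect http://timetables.cist.lan/
    }
}
```

Without TLS interception Squid sees an HTTPS request only as a CONNECT to host:port, so block_exe applies to plain HTTP downloads only, while block_yahoo still matches the CONNECT host.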

Authentication of users from Active Directory

0- echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

1- Join the domain from the proxy.

2- List users and groups: wbinfo -u , wbinfo -g
3- auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm savy.happy.net
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
4- Create the ACLs ( acl clients src 10.1.1.2 , acl auth proxy_auth REQUIRED )
5- http_access allow clients auth
6- The local DNS must forward to the public DNS by name and IP address.
7- Set the gateway of the local DNS to the proxy IP address that is connected to the DNS.

1- The local DNS must work properly for name resolution, like below.

2- Set the gateway of the local DNS to the IP address of the proxy server interface that is connected to the local DNS.

3- Then under Forwarders we add the name of the public DNS and then add the IP address of the public DNS.

4- Then edit the file /etc/resolv.conf and put in the name and IP address of the local DNS like this, not the public DNS.

5- And on the proxy server, using YaST, we enter the name and IP address of our local DNS.

6- Use an iptables script to allow the local DNS to use the public DNS, and the echo command to allow the different LANs to ping each other.

7- In YaST, go to Network Services -> Windows Domain Membership, then enter the domain name of the DNS that we want to join -> OK.

8- Then the domain join must succeed, and packages can be installed until the join finishes.

9- Then we can list the users and groups in AD using the command below.

10- And in the file /etc/squid/squid.conf, at line 297, we add all these lines:

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm savy.happy.com
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

11- And in the file squid.conf we create ACLs like this, with an ACL and auth.

12- Then we apply a rule to the ACL we created, in http_access.

13- After that, when the client opens a web browser connected to the Internet through the proxy server, it must authenticate with a user name and password, like below. The user is from AD; after entering the user name and password, the client can access the Internet.

14- After entering the user name and password, the client can access the Internet like below, authenticated with the user name and password of a user from Active Directory.

Install and configure mysar

1- Install the mysql and apache2 services with YaST.

2- Now we extract mysar to the /srv/www/htdocs directory with the command below.

3- Then we open the web page from the client's web browser: http://10.1.1.1/mysar/www

We specify the path where the files are stored like this because this is a new install, so we must specify the path where the install files are found on the machine -> click Continue for the installation process.

4- After that it shows this in the client's web browser; we click on New Install.

5- And then we enter the database name, the user with full control of the SuSE machine, and the user name that controls only the mysar database. I did not enter a password for user root because I did not assign one with mysqladmin -> Submit Query.

6- After that the web page shows this.

7- Then we must create a file config.ini at the path /srv/www/htdocs/mysar/etc/config.ini and put in the information shown on this web page.

8- Edit the file config.ini, write this information into the file, then save it.

9- After completing the information, click on "Click here to try again"; the web page shows this -> click here to continue.

10- Then the web page shows a message to delete the install directory under /srv/www/htdocs/mysar/www/, so delete the install folder.

11- After the alert message on the web page, we delete the folder at this path -> "Start using mysar!" on the web page.

12- After deleting the install folder, the web page shows this.

13- Then we use this command to load the access log into the mysar database, and it then shows on the web page.

14- And if we want to run this command again automatically, we can use crontab -e and write this schedule ( 6 * * * * ); it means that every hour at minute 6 it will back up the report to show in mysar.

15- Then, after the report is generated, the mysar web page shows all client IP addresses, the users accessing the Internet, and the speed users get through the proxy.

Sarg installation

1- These are the dependencies needed when installing the sarg package on SLES 11.

2- Then we install sarg like below.

3- After that we go to the path /etc/squid/sarg.

4- Edit the file sarg.conf: at line 143 we must change the path to /srv/www/htdocs/sarg, like below.

5- Commands:
- sarg-reports daily: generates the report of users' Internet access every day, to show on the sarg web page
- sarg: the sarg command creates the sarg directory under /srv/www/htdocs/

6- Then we open the web page at http://10.1.1.1/sarg and it shows this.

7- Then we can select one user shown in sarg to see the details of that user's Internet access, like below.

Transparent proxy, automatic for clients
