in Linux

Configuring Squid and Dansguardian for Content Filtering

1. Install rpmforge repository on CentOS/RHEL 6 x86 64bit
# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# yum update

2. Install squid
# yum install squid
# chkconfig squid on

3. Install dansguardian
# yum install dansguardian
# chkconfig dansguardian on

4. Edit dansguardian configuration file
# line 88: change it (DansGuardian listens) to the port for Clients
filterport = 8080

# line 94: specify the port which Squid listens
proxyport = 3128

5. Start squid and dansguardian service
# service squid start
# service dansguardian start

6. Configure content filtering
# vi /etc/dansguardian/lists/bannedsitelist
# specify domain names you’d like to block
facebook.com

7. Restart dansguardian service
# service dansguardian restart

# other lists you can define
bannedextensionlist ⇒ banned extension
bannediplist ⇒ banned client IP address
bannedmimetypelist ⇒ banned MIME Type
bannedphraselist ⇒ banned phrase
bannedregexpheaderlist ⇒ banned header(regexp)
bannedregexpurllist ⇒ banned URL(regexp)
bannedsitelist ⇒ banned domain
bannedurllist ⇒ banned URL
contentregexplist ⇒ replace contents(regexp)
exceptionextensionlist ⇒ exception extension
exceptionfilesitelist ⇒ exception file domain
exceptionfileurllist ⇒ exception file URL
exceptioniplist ⇒ exception client IP address
exceptionmimetypelist ⇒ exception MIME Type
exceptionphraselist ⇒ exception phrase
exceptionregexpurllist ⇒ exception URL(regexp)
exceptionsitelist ⇒ exception domain
exceptionurllist ⇒ exception URL
filtergroupslist ⇒ filter group
greysitelist ⇒ grey domain
greyurllist ⇒ grey URL

8. Customize the block page template
# vi /usr/share/dansguardian/languages/ukenglish/template.html

জীবনের ঘানি

জীবনের কিছু ভুলে পেয়েও পাওয়া হল না তাকে
জীবনের ঘানি বয়ে বেড়াবো তাই নিরন্তর
অর্থহীন বিস্বাদ জীবন থমকে যাক
মৃত্যু এসে গ্রাস করুক আমার পুরুটা সত্তা ।

আচমকা বিজলীর মতো এলে
জীবন্মৃত আমাকে প্রান দিলে
আজ তোমার ছায়াবিহীন আমার দেহে
জীবনের কিবা আছে মানে ।

একাকী স্বপ্নযানে

স্বপ্নযান ছুটে চলছে অবিরাম গন্তব্যহীন দিগন্তের ওপারে
যাত্রী শুধু আমি আর আমার কায়া
আজ কেন জানি ভয় লাগছে একাকী স্বপ্নযানে
পিছু টেনে ধরে এক অদৃশ্য মায়া ।
চোখের প্রদীপ নিভে গেছে আজ
পথ দেখাবে কে?
তবু যেতে হবে আজ কষ্টের ধরা ছেড়ে
কষ্টহীন স্বপ্নরাজ্যে ।
শিহরন জাগে আজ হৃদ মাজারে
স্বপ্নিল স্মৃতিগুলো ভাসে কষ্ট হয়ে
মনের আঙ্গিনায় দেখি এ কার ছায়া
সে যে অস্পৃশ্য অধরা এক কায়া ।

Route Summarization

What is Route Summarization?

Route summarization, or supernetting, is needed to reduce the number of routes that a router advertises to its neighbor.

Why Route Summarization?

– With route summarization, you can advertise many routes with only one line in an update packet. This reduces the size of the update, allowing you more bandwidth for data transfer.

– Another reason for route summarization is that you want to minimize the amount of time and router CPU cycles that are used to route traffic since the larger the routing tables, the longer this takes, leading to more used router CPU cycles to perform the lookup.

Example for Understanding Route Summarization

Figure 1: Four-City Network without Route Summarization

Figure 1: Four-City Network without Route Summarization

As you can see from figure 1, Winnipeg, Calgary, and Edmonton each have to advertise internal networks to the main router located in Vancouver. Without route summarization, Vancouver would have to advertise 16 networks to Seattle. You want to use route summarization to reduce the burden on this upstream router.

Look for common bits on the network side of the addresses.

Summarizing Winnipeg’s Routes:

172.16.64.0 = 10101100.00010000.01000000.00000000
172.16.65.0 = 10101100.00010000.01000001.00000000
172.16.66.0 = 10101100.00010000.01000010.00000000
172.16.67.0 = 10101100.00010000.01000011.00000000
Common bits: 10101100.00010000.010000xx

You see that the first 22 bits of the four networks are common.  You are left with the summarized address of 172.16.64.0/22

Using the Same format:
Summarize Calgary’s Routes: 172.16.68.0/22
Summarize Edmonton’s Routes: 172.16.72.0/21

Now summarizing Vancouver’s Routes to Seattle using the same format as before
172.16.64.0 = 10101100.00010000.01000000.00000000
172.16.68.0 = 10101100.00010000.01000100.00000000
172.16.72.0 = 10101100.00010000.01001000.00000000
Common bits: 10101100.00010000.0100xxxx

The summary route:  172.16.64.0/20

Figure 2: Four-City Network with Complete Route Summarization

Figure 2: Four-City Network with Complete Route Summarization

Requirements for Route Summarization

To create route summarization, there are some necessary requirements:

– Routers need to be running a classless routing protocol, as they carry subnet mask information with them in routing updates (Examples are RIP v2, OSPF, EIGRP, IS-IS, and BGP.)

– Addresses need to be assigned in a hierarchical fashion for the summarized address to have the same high-order bits. It does no good if Winnipeg has network 172.16.64.0 and 172.16.67.0 while 172.16.65.0 resides in Calgary and 172.16.66.0 is assigned in Edmonton. No summarization could take place from the edge routers to Vancouver.