Table of contents
1 Core
1 1 Router
1 1 1 Configuration
1 1 2 Configuration files

1 1 Router

1 1 1 Configuration

Name: routeur1.mlif.local
IP address eth0: dynamic 172.16./16
IP address eth1: static 192.168.100.1/24 (core)
IP address eth2: static 192.168.200.1/24 (DMZ)
IP address eth3: static 192.168.50.1/24 (users)
DNS domain: mlif.local
DNS server: 192.168.100.20
Admin: root
Password: root

1 1 2 Configuration files

1 1 2 1 Networks

/etc/network/interfaces:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    allow-hotplug eth0
    iface eth0 inet dhcp

    auto eth1
    allow-hotplug eth1
    iface eth1 inet static
        address 192.168.100.1
        netmask 255.255.255.0

    auto eth2
    allow-hotplug eth2
    iface eth2 inet static
        address 192.168.200.1
        netmask 255.255.255.0

    auto eth3
    allow-hotplug eth3
    iface eth3 inet static
        address 192.168.50.1
        netmask 255.255.255.0
        domain mlif.local
        dns-search mlif.local
        dns-nameservers 192.168.100.20
    #
    ## To automate NAT, uncomment the following line:
    #post-up iptables-restore < /etc/iptables_rules.save

2 DMZ

2-1 Proxy

2-1-1 Configuration

Name: srv-proxy.mlif.local
IP address eth0: dhcp 192.168.200.10/24 (core)
DNS domain: mlif.local
DNS server: 192.168.100.20
Admin: root
Password: root
2-1-2 Configuration files

/etc/squid3/squid.conf: Squid configuration file
/etc/squidguard/squidguard.conf: squidGuard configuration file
/var/lib/squidguard/db/blacklists/: directory holding the blacklist databases

Squid configuration file /etc/squid3/squid.conf:

    # squid3 configuration
    http_port 3128

    # ACL definitions
    acl usagers src 192.168.50.0/24
    acl ports_web port 80 443
    acl sites_facebook dstdom_regex .*facebook.*
    acl sites_twitter dstdom_regex .*twitter.*
    acl mot_jeu url_regex .*jeu.*
    acl mot_porn url_regex .*porn.*
    acl mot_xxx url_regex .*xxx.*
    acl mot_sport url_regex .*sport.*

    # Rule definitions
    http_access deny usagers sites_facebook
    http_access deny usagers mot_sport
    http_access deny usagers mot_xxx
    http_access deny usagers sites_twitter
    http_access deny usagers mot_porn
    http_access deny usagers mot_jeu
    http_access allow usagers ports_web
    http_access deny all

    redirect_program /usr/bin/squidguard -c /etc/squidguard/squidguard.conf
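
Squid evaluates the http_access lines above from top to bottom; every ACL named on a line must match, and the first matching line decides. The following Python model is an added example, not part of the original document: it covers only the src, port, dstdom_regex and url_regex ACL types used in this squid.conf, ignores the squidGuard redirector, and runs on constructed sample requests.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# ACLs transcribed from the squid.conf above: name -> (type, value)
ACLS = {
    "usagers": ("src", "192.168.50.0/24"),
    "all": ("src", "0.0.0.0/0"),  # stand-in for Squid's built-in "all" (IPv4 only)
    "ports_web": ("port", (80, 443)),
    **{f"sites_{w}": ("dstdom_regex", f".*{w}.*") for w in ("facebook", "twitter")},
    **{f"mot_{w}": ("url_regex", f".*{w}.*") for w in ("jeu", "porn", "xxx", "sport")},
}
# http_access lines in file order: (action, ACLs that must ALL match)
DENIED = ("sites_facebook", "mot_sport", "mot_xxx", "sites_twitter", "mot_porn", "mot_jeu")
RULES = [("deny", ("usagers", acl)) for acl in DENIED]
RULES += [("allow", ("usagers", "ports_web")), ("deny", ("all",))]

def acl_matches(name, client_ip, url):
    kind, value = ACLS[name]
    parts = urlsplit(url)
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    if kind == "port":
        return (parts.port or {"http": 80, "https": 443}.get(parts.scheme)) in value
    # Regex ACLs are unanchored and case-sensitive (the config uses no -i flag)
    subject = parts.hostname if kind == "dstdom_regex" else url
    return re.search(value, subject or "") is not None

def decide(client_ip, url):
    """Return (action, 1-based http_access line) for the first line that matches."""
    for number, (action, names) in enumerate(RULES, start=1):
        if all(acl_matches(n, client_ip, url) for n in names):
            return action, number
    return "deny", None  # not reached: the final "deny all" matches every IPv4 client

# Constructed sample requests: (client IP, URL)
SAMPLES = [
    ("192.168.50.23", "http://www.facebook.com/"),
    ("192.168.50.23", "http://transport.example/horaires"),  # contains "sport"
    ("192.168.50.23", "http://example.org:8080/"),            # port not in ports_web
    ("192.168.100.20", "http://example.org/"),                # client not in usagers
    ("192.168.50.23", "http://example.org/"),
]

if __name__ == "__main__":
    for ip, url in SAMPLES:
        print(f"{ip:15} {url:40} -> {decide(ip, url)}")
```

The second sample shows that the unanchored pattern .*sport.* also blocks an unrelated URL containing "transport", which is worth checking for each keyword ACL before deployment.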
squidGuard configuration file /etc/squidguard/squidguard.conf:

    dbhome /var/lib/squidguard/db/blacklists
    logdir /var/log/squid

    dest porno {
        domainlist adult/domains
        urllist adult/urls
    }
    dest agressive {
        domainlist aggressive/domains
        urllist aggressive/urls
    }
    dest agressif {
        domainlist aggressif/domains
        urllist aggressif/urls
    }
    dest astrology {
        domainlist astrology/domains
        urllist astrology/urls
    }
    dest audio-video {
        domainlist audio-video/domains
        urllist audio-video/urls
    }
    dest download {
        domainlist download/domains
        urllist download/urls
    }
    dest game {
        domainlist game/domains
        urllist game/urls
    }
    dest child {
        domainlist child/domains
        # urllist points at game/urls in the original; child/urls may have been intended
        urllist game/urls
    }
    dest drogue {
        domainlist drogue/domains
        urllist drogue/urls
    }
    dest financial {
        domainlist financial/domains
        urllist financial/urls
    }
    dest forums {
        domainlist forums/domains
        urllist forums/urls
    }
    dest hacking {
        domainlist hacking/domains
        urllist hacking/urls
    }
    dest manga {
        domainlist manga/domains
        urllist manga/urls
    }
    dest lingerie {
        domainlist lingerie/domains
        urllist lingerie/urls
    }
    dest mail {
        domainlist mail/domains
        urllist mail/urls
    }
    dest radio {
        domainlist radio/domains
        urllist radio/urls
    }
    dest sexual_education {
        domainlist sexual_education/domains
        urllist sexual_education/urls
    }
    dest sports {
        domainlist sports/domains
        urllist sports/urls
    }
    dest violence {
        domainlist violence/domains
        urllist violence/urls
    }
    dest phishing {
        domainlist phishing/domains
        urllist phishing/urls
    }
    dest malware {
        domainlist malware/domains
        urllist malware/urls
    }

    acl {
        default {
            # pass line is truncated in the original ("$" marks the cut)
            pass !porno !agressive !agressif !astrology !astrology !audi$
            redirect http://google.fr
        }
    }