SlideShare a Scribd company logo

Proxy+firewall linux

V
Vanda KANY

I would like to share my resource to all of you for improving any works that everyone to need completed homework or assignment. One more thing that is document I will going to do until from my ability and heart. Thanks everyone join to get it.

Software
1 of 33
Download to read offline
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 1 Deadline: 12th, December 2016 Submit: Google Classroom CLASS: SNA-B Firewall and Proxy server Teacher: Chanlin & Pisey
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 2 Deadline: 12th, December 2016 Submit: Google Classroom Based on network infrastructure, an administrator will assign manually IP address to Computer client and Proxy Server. In this case, LAN clients need access to internet by using a proxy service, ensure that Clients cannot access facebook, youtube and movies website during working time except Manager with IP address 10.10.xx.1/24 can access to the internet directly without enable proxy service on web browser. Note: All client have access to cross the firewall policy. Working time: - Monday to Friday - 7:30-11:30 - 13:00-17:00 NAME: KANY Vanda CLASS: SNA-B-2017
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 3 Deadline: 12th, December 2016 Submit: Google Classroom Table of Contents 1. Server A. Proxy/Firewall Server Can access internet B. LAN Server can ping to Proxy/Firewall Server C. LAN Server can remote to Proxy/Firewall Server D. LAN Server can access to Internet without using Proxy Server E. Local DNS Server request DNS from ISP 2. Client A. LAN-staffs request DNS from Local DNS Server B. IP address from 10.10.xx.1 can access internet without using proxy. C. LAN-staffs IP from 10.10.xx.2-10.10.xx.253/24 have to use proxy for accessing internet by blocking: a. . Block website (social network or video/movie websites) b. . Block download extension (.mp3, .mp4, .exe) c. . All staffs can access any website beside of working time. d. . Make sure clients cannot access websites that are not good on squidguard and shallalist file. e. For Shallalist Deny only folder name: sex, gamble, movies, hacking and dating. f. . Allow LAN staffs can access any websites beside of working time by allowing on squidguard service.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 4 Deadline: 12th, December 2016 Submit: Google Classroom Recommend: SERVER :HHD=50-100 GB, RAM: 1-2GB,OS windows 2008r2 Firewall and Proxy: HDD:50-100 GB, RAM: 1-2 GB, OS linux Client : RAM:521, HDD=50-100 GB, OS windows 7 You must create ip address for your firewall and proxy . you just type command yast lan then assign IP and enable routing. This step you must assign gateway and enable routing because you must all ip interface realize and can communication another network.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 5 Deadline: 12th, December 2016 Submit: Google Classroom This IP that we just completed there are three interface and network. After we configure enable routing and assign IP address ready you need to add DNS ISP to RESOLVE. Example: vi /etc/resolve.conf.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 6 Deadline: 12th, December 2016 Submit: Google Classroom 1. Server A. Proxy/Firewall Server Can access internet Before you configure firewall, make sure your interface and Ethernet same to interface lanserver and lanstaff. One more thing you must allow lanserver can request DNS from ISP, so your lanserver can translate IP to Hostname easy access to internet. Start create file that have extension .sh command touch or vim. Example: touch firewall.sh or vim firewall.sh The result that firewall access to internet
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 7 Deadline: 12th, December 2016 Submit: Google Classroom B.LAN Server can ping to Proxy/Firewall Server When you allow lanserver can ping to firewall you make sure your server has IP address, Default gateway and DNS. For my server I just installed DNS and AD already. There is role that we allow lanserver ping to firewall .
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 8 Deadline: 12th, December 2016 Submit: Google Classroom The result ping to firewall, but firewall cannot ping to server.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 9 Deadline: 12th, December 2016 Submit: Google Classroom Result firewall ping to lanserver because we set role only server can ping to firewall C. LAN Server can remote to Proxy/Firewall Server . When you allow lanserver can remote to firewall you need create role and specific user and IP address to remote because you must security your firewall. NowI decide to choose ssh remote firewall. The result for remote ssh
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 10 Deadline: 12th, December 2016 Submit: Google Classroom
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 11 Deadline: 12th, December 2016 Submit: Google Classroom
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 12 Deadline: 12th, December 2016 Submit: Google Classroom After I remote ssh I copy folder name BL to firewall
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 13 Deadline: 12th, December 2016 Submit: Google Classroom D. LAN Server can access to Internet without using Proxy Server For server can access to internet without proxy server we need to create NAT for allow server use internet. And allow lanserver access only firewall indirect to internet, In addition, you think upon DNS server ISP because it importation for translation IP to hostname. Let’s see its bellow steps by steps. Recommend you should type command: echo 1 > /proc/sys/net/ipv4/ip_forward.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 14 Deadline: 12th, December 2016 Submit: Google Classroom The result server access to internet without proxy. E.Local DNS Server request DNS from ISP This step you must allow DNS server request DNS from ISP because you need let lanserver access to internet. If you don’t allow DNS from ISP , so
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 15 Deadline: 12th, December 2016 Submit: Google Classroom your server cannot translate name host website that you want to reached. Bellow this syntax that you must create. This is result that lanserver request DNS from DSN ISP.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 16 Deadline: 12th, December 2016 Submit: Google Classroom 2. Client A. LAN-staffs request DNS from Local DNS Server For lan-staff if you want allow staff can access to internet, you must allow lan-staff got DNS from ISP, so your staff can access with hostname (DNS).
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 17 Deadline: 12th, December 2016 Submit: Google Classroom This is result that we allowlan-staff request DNS from DNS from ISP.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 18 Deadline: 12th, December 2016 Submit: Google Classroom B.IP address from 10.10.xx.1 can access internet without using proxy server. NowI need allowrange ip address lan-staff 10.10.34.1 can access to internet without using proxy server. One more thing you must your lan-staff request DNS from ISP already that your staff can use internet
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 19 Deadline: 12th, December 2016 Submit: Google Classroom The result that we allowlanstaff can access to internet without proxy.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 20 Deadline: 12th, December 2016 Submit: Google Classroom C. LAN-staffs IP from 10.10.xx.2-10.10.xx.253/24 have to use proxy for accessing internet by blocking: For allowlan-staff access to internet use proxy you need to know about service that you must install for providing to proxy run. Now you follow this step: command yast –i squid or yast –i then you must type cd /etc/squid then ls for view file vi squid.conf. After you configure you don’t forget restart service. Install squid and squidguard.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 21 Deadline: 12th, December 2016 Submit: Google Classroom This step you must assign IP proxy or firewall (proxy+firewall) than access to internet you take IP address proxy put on browser so the show bellow.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 22 Deadline: 12th, December 2016 Submit: Google Classroom This is result that we allowlan-staff access internet using proxy. a.Block website (social network or video/movie websites) Now I will block social network videos movie websites like: youtube.com, 123movies.to, facebook.com…….. So you just create syntax for block social network and involve to information that you allow or deny.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 23 Deadline: 12th, December 2016 Submit: Google Classroom Let’s testing using staff access any website that we determine permission.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 24 Deadline: 12th, December 2016 Submit: Google Classroom b.Block download extension (.mp3, .mp4, .exe) After we block any websites now we test block download extension file as above. The result test block extension files. This picture file .mp3 need by proxy block. c.All staffs can access any website beside of working time. This step mean that all staff can access to internet use entertainment after they finished working time. Make sure your days that you allow all staff can access with time on proxy server.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 25 Deadline: 12th, December 2016 Submit: Google Classroom The result we test user access play entertainment
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 26 Deadline: 12th, December 2016 Submit: Google Classroom a. Make sure clients cannot access websites that are not good on squidguard and shallalist file. Before you allow user access any website please you be sure all user don’t access to not good website. For configure file you must install ready with squid. You just type command vi /etc/squidguard.conf then create role bellow. Now I redirect website blacklist genera to gmail.com. You know directory that contain domain blacklist that we need to block. Then vi domains for view hostname blacklist. When you configure already you must type command such as:
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 27 Deadline: 12th, December 2016 Submit: Google Classroom We must type command bellow for create database, delegates to another manage and delegate to new user full manage directory. 1. Command : squidGuard –d –b –C all 2. Command : chown squid * (delegate owner ship) 3. Command : chown squid /usr/sbin/squidGuard 4. Command : chown –R squid /var/lib/squidGuard/db/ Let’s test website backlist, so it generate to gmail.com or not gmail.com.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 28 Deadline: 12th, December 2016 Submit: Google Classroom This domain name website blacklists Generate to Gmail
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 29 Deadline: 12th, December 2016 Submit: Google Classroom a.For Shallalist Deny only folder name: sex, gamble, movies, hacking and dating. When we Deny folder you must copy main folder that contain subfolders to directory /var/lib/squidGuard/bd. We main folder name BL that contain these subfolders. After we copy subfolders we need to create syntax in /etc/squidguard.conf.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 30 Deadline: 12th, December 2016 Submit: Google Classroom Testing user access to websites in shalalist
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 31 Deadline: 12th, December 2016 Submit: Google Classroom This the name of website sex in shalalist The result generate to gamil.com
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 32 Deadline: 12th, December 2016 Submit: Google Classroom Allow LAN staffs can access any websites beside of working time by allowing on squidguard service You just create new syntax that you want to allow staff access to any websites when they free time.
Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 33 Deadline: 12th, December 2016 Submit: Google Classroom

Recommended

255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server
255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server
255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school serverPrachoom Rangkasikorn
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakesguest2821a2
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakeskuza55
 
Onesocialweb Presentation at OTA10
Onesocialweb Presentation at OTA10Onesocialweb Presentation at OTA10
Onesocialweb Presentation at OTA10dianacheng
 
Backtrack Manual Part5
Backtrack Manual Part5Backtrack Manual Part5
Backtrack Manual Part5Nutan Kumar Panda
 
The Surf Culture
The Surf CultureThe Surf Culture
The Surf CultureBrooke Blann
 
Propaganda, publicidad periodismo RR.PP
Propaganda, publicidad periodismo RR.PPPropaganda, publicidad periodismo RR.PP
Propaganda, publicidad periodismo RR.PPKeiber Acosta
 
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino Informe de Gestión 2010 Bloque Movimiento Popular Neuquino
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino emo1979
 

Recommended

255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server
255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school server
255605150432+dell poweredge t610+3tbx3 red+on controller+prachoom school serverPrachoom Rangkasikorn
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakesguest2821a2
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakeskuza55
 
Onesocialweb Presentation at OTA10
Onesocialweb Presentation at OTA10Onesocialweb Presentation at OTA10
Onesocialweb Presentation at OTA10dianacheng
 
Backtrack Manual Part5
Backtrack Manual Part5Backtrack Manual Part5
Backtrack Manual Part5Nutan Kumar Panda
 
The Surf Culture
The Surf CultureThe Surf Culture
The Surf CultureBrooke Blann
 
Propaganda, publicidad periodismo RR.PP
Propaganda, publicidad periodismo RR.PPPropaganda, publicidad periodismo RR.PP
Propaganda, publicidad periodismo RR.PPKeiber Acosta
 
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino Informe de Gestión 2010 Bloque Movimiento Popular Neuquino
Informe de Gestión 2010 Bloque Movimiento Popular Neuquino emo1979
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 
Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02Santiago de Luca
 
Autoridades financieras
Autoridades financierasAutoridades financieras
Autoridades financierasclaudia gaytan
 
Uyce slideshare dec 2016
Uyce slideshare dec 2016Uyce slideshare dec 2016
Uyce slideshare dec 2016Lindy Schneider (Melb, Aust)
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 
Presentación slideshare
Presentación slidesharePresentación slideshare
Presentación slideshareKatherine Dormond
 
Indian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh SharmaIndian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh SharmaNaresh Sharma
 
INCOTEX ELECTRONICS GROUP: La iluminación LED
INCOTEX ELECTRONICS GROUP: La iluminación LEDINCOTEX ELECTRONICS GROUP: La iluminación LED
INCOTEX ELECTRONICS GROUP: La iluminación LEDRepresentacion Comercial de Rusia en Argentina
 
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernementSondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernementCERIC
 
Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)Sarif Patwary, Ph.D.
 
Material Sustainablity Index
Material Sustainablity IndexMaterial Sustainablity Index
Material Sustainablity IndexSarif Patwary, Ph.D.
 
Resume
ResumeResume
ResumeOlivier Diby
 
Trabajo practico 16
Trabajo practico 16Trabajo practico 16
Trabajo practico 16Santiago de Luca
 
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...Dr.Ir. Gatot Trimulyadi Rekso, M.Si- Indonesia
 
10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroad10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroadarchana cks
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 
Lab room topology design with dns server
Lab room topology design with dns serverLab room topology design with dns server
Lab room topology design with dns serverkona paul
 
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom modelPrachoom Rangkasikorn
 
Bni malaysia hosting detail
Bni malaysia hosting detailBni malaysia hosting detail
Bni malaysia hosting detailEddie Ooi
 
Async Tasks with Django Channels
Async Tasks with Django ChannelsAsync Tasks with Django Channels
Async Tasks with Django ChannelsAlbert O'Connor
 
255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school server255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school serverPrachoom Rangkasikorn
 
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.pptPrachoom Rangkasikorn
 

More Related Content

Viewers also liked

Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 
Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02Santiago de Luca
 
Autoridades financieras
Autoridades financierasAutoridades financieras
Autoridades financierasclaudia gaytan
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 
Indian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh SharmaIndian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh SharmaNaresh Sharma
 
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernementSondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernementCERIC
 
Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)Sarif Patwary, Ph.D.
 
10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroad10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroadarchana cks
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Santiago de Luca
 

Viewers also liked (16)

Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02
 
Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02Trabajopracticon16 111127235426-phpapp02
Trabajopracticon16 111127235426-phpapp02
 
Autoridades financieras
Autoridades financierasAutoridades financieras
Autoridades financieras
 
Uyce slideshare dec 2016
Uyce slideshare dec 2016Uyce slideshare dec 2016
Uyce slideshare dec 2016
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02
 
Presentación slideshare
Presentación slidesharePresentación slideshare
Presentación slideshare
 
Indian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh SharmaIndian Express Article Quoting Naresh Sharma
Indian Express Article Quoting Naresh Sharma
 
INCOTEX ELECTRONICS GROUP: La iluminación LED
INCOTEX ELECTRONICS GROUP: La iluminación LEDINCOTEX ELECTRONICS GROUP: La iluminación LED
INCOTEX ELECTRONICS GROUP: La iluminación LED
 
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernementSondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
Sondage 2015 des spécialistes de l’orientation professionnelle, gouvernement
 
Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)Artisan Project (design for 'Lions in Four' brand)
Artisan Project (design for 'Lions in Four' brand)
 
Material Sustainablity Index
Material Sustainablity IndexMaterial Sustainablity Index
Material Sustainablity Index
 
Resume
ResumeResume
Resume
 
Trabajo practico 16
Trabajo practico 16Trabajo practico 16
Trabajo practico 16
 
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...
PENGARUH PERBANDINGAN BAHAN PELAPIS POLIMER DAN PUPUK NPK TERHADAP SIFAT FIS...
 
10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroad10 ways to fund your Studies Abroad
10 ways to fund your Studies Abroad
 
Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02Trabajopracticon15 111116213538-phpapp02
Trabajopracticon15 111116213538-phpapp02
 

Similar to Proxy+firewall linux

Lab room topology design with dns server
Lab room topology design with dns serverLab room topology design with dns server
Lab room topology design with dns serverkona paul
 
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom modelPrachoom Rangkasikorn
 
Bni malaysia hosting detail
Bni malaysia hosting detailBni malaysia hosting detail
Bni malaysia hosting detailEddie Ooi
 
Async Tasks with Django Channels
Async Tasks with Django ChannelsAsync Tasks with Django Channels
Async Tasks with Django ChannelsAlbert O'Connor
 
255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school server255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school serverPrachoom Rangkasikorn
 
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.pptPrachoom Rangkasikorn
 
Install linux suse(sless11)
Install linux suse(sless11)Install linux suse(sless11)
Install linux suse(sless11)Tola LENG
 

Similar to Proxy+firewall linux (8)

Lab room topology design with dns server
Lab room topology design with dns serverLab room topology design with dns server
Lab room topology design with dns server
 
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
255601310654+asrock 880gb lefc+2+2tb+green+prachoom model
 
Bni malaysia hosting detail
Bni malaysia hosting detailBni malaysia hosting detail
Bni malaysia hosting detail
 
Async Tasks with Django Channels
Async Tasks with Django ChannelsAsync Tasks with Django Channels
Async Tasks with Django Channels
 
255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school server255605150422dell poweredge t610+4tbx3 black+prachoom school server
255605150422dell poweredge t610+4tbx3 black+prachoom school server
 
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
255601310654+setup cned school server on arsock 880gb lefx+nikom2.ppt
 
Dhritiman banerjee Resume
Dhritiman banerjee ResumeDhritiman banerjee Resume
Dhritiman banerjee Resume
 
Install linux suse(sless11)
Install linux suse(sless11)Install linux suse(sless11)
Install linux suse(sless11)
 

Recently uploaded

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 

Proxy+firewall linux

  • 1. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 1 Deadline: 12th, December 2016 Submit: Google Classroom CLASS: SNA-B Firewall and Proxy server Teacher: Chanlin & Pisey
  • 2. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 2 Deadline: 12th, December 2016 Submit: Google Classroom Based on network infrastructure, an administrator will assign manually IP address to Computer client and Proxy Server. In this case, LAN clients need access to internet by using a proxy service, ensure that Clients cannot access facebook, youtube and movies website during working time except Manager with IP address 10.10.xx.1/24 can access to the internet directly without enable proxy service on web browser. Note: All client have access to cross the firewall policy. Working time: - Monday to Friday - 7:30-11:30 - 13:00-17:00 NAME: KANY Vanda CLASS: SNA-B-2017
  • 3. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 3 Deadline: 12th, December 2016 Submit: Google Classroom Table of Contents 1. Server A. Proxy/Firewall Server Can access internet B. LAN Server can ping to Proxy/Firewall Server C. LAN Server can remote to Proxy/Firewall Server D. LAN Server can access to Internet without using Proxy Server E. Local DNS Server request DNS from ISP 2. Client A. LAN-staffs request DNS from Local DNS Server B. IP address from 10.10.xx.1 can access internet without using proxy. C. LAN-staffs IP from 10.10.xx.2-10.10.xx.253/24 have to use proxy for accessing internet by blocking: a. . Block website (social network or video/movie websites) b. . Block download extension (.mp3, .mp4, .exe) c. . All staffs can access any website beside of working time. d. . Make sure clients cannot access websites that are not good on squidguard and shallalist file. e. For Shallalist Deny only folder name: sex, gamble, movies, hacking and dating. f. . Allow LAN staffs can access any websites beside of working time by allowing on squidguard service.
  • 4. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 4 Deadline: 12th, December 2016 Submit: Google Classroom Recommend: SERVER :HHD=50-100 GB, RAM: 1-2GB,OS windows 2008r2 Firewall and Proxy: HDD:50-100 GB, RAM: 1-2 GB, OS linux Client : RAM:521, HDD=50-100 GB, OS windows 7 You must create ip address for your firewall and proxy . you just type command yast lan then assign IP and enable routing. This step you must assign gateway and enable routing because you must all ip interface realize and can communication another network.
  • 5. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 5 Deadline: 12th, December 2016 Submit: Google Classroom This IP that we just completed there are three interface and network. After we configure enable routing and assign IP address ready you need to add DNS ISP to RESOLVE. Example: vi /etc/resolve.conf.
  • 6. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 6 Deadline: 12th, December 2016 Submit: Google Classroom 1. Server A. Proxy/Firewall Server Can access internet Before you configure firewall, make sure your interface and Ethernet same to interface lanserver and lanstaff. One more thing you must allow lanserver can request DNS from ISP, so your lanserver can translate IP to Hostname easy access to internet. Start create file that have extension .sh command touch or vim. Example: touch firewall.sh or vim firewall.sh The result that firewall access to internet
  • 7. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 7 Deadline: 12th, December 2016 Submit: Google Classroom B.LAN Server can ping to Proxy/Firewall Server When you allow lanserver can ping to firewall you make sure your server has IP address, Default gateway and DNS. For my server I just installed DNS and AD already. There is role that we allow lanserver ping to firewall .
  • 8. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 8 Deadline: 12th, December 2016 Submit: Google Classroom The result ping to firewall, but firewall cannot ping to server.
  • 9. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 9 Deadline: 12th, December 2016 Submit: Google Classroom Result firewall ping to lanserver because we set role only server can ping to firewall C. LAN Server can remote to Proxy/Firewall Server . When you allow lanserver can remote to firewall you need create role and specific user and IP address to remote because you must security your firewall. NowI decide to choose ssh remote firewall. The result for remote ssh
  • 10. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 10 Deadline: 12th, December 2016 Submit: Google Classroom
  • 11. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 11 Deadline: 12th, December 2016 Submit: Google Classroom
  • 12. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 12 Deadline: 12th, December 2016 Submit: Google Classroom After I remote ssh I copy folder name BL to firewall
  • 13. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 13 Deadline: 12th, December 2016 Submit: Google Classroom D. LAN Server can access to Internet without using Proxy Server For server can access to internet without proxy server we need to create NAT for allow server use internet. And allow lanserver access only firewall indirect to internet, In addition, you think upon DNS server ISP because it importation for translation IP to hostname. Let’s see its bellow steps by steps. Recommend you should type command: echo 1 > /proc/sys/net/ipv4/ip_forward.
  • 14. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 14 Deadline: 12th, December 2016 Submit: Google Classroom The result server access to internet without proxy. E.Local DNS Server request DNS from ISP This step you must allow DNS server request DNS from ISP because you need let lanserver access to internet. If you don’t allow DNS from ISP , so
  • 15. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 15 Deadline: 12th, December 2016 Submit: Google Classroom your server cannot translate name host website that you want to reached. Bellow this syntax that you must create. This is result that lanserver request DNS from DSN ISP.
  • 16. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 16 Deadline: 12th, December 2016 Submit: Google Classroom 2. Client A. LAN-staffs request DNS from Local DNS Server For lan-staff if you want allow staff can access to internet, you must allow lan-staff got DNS from ISP, so your staff can access with hostname (DNS).
  • 17. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 17 Deadline: 12th, December 2016 Submit: Google Classroom This is result that we allowlan-staff request DNS from DNS from ISP.
  • 18. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 18 Deadline: 12th, December 2016 Submit: Google Classroom B.IP address from 10.10.xx.1 can access internet without using proxy server. NowI need allowrange ip address lan-staff 10.10.34.1 can access to internet without using proxy server. One more thing you must your lan-staff request DNS from ISP already that your staff can use internet
  • 19. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 19 Deadline: 12th, December 2016 Submit: Google Classroom The result that we allowlanstaff can access to internet without proxy.
  • 20. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 20 Deadline: 12th, December 2016 Submit: Google Classroom C. LAN-staffs IP from 10.10.xx.2-10.10.xx.253/24 have to use proxy for accessing internet by blocking: For allowlan-staff access to internet use proxy you need to know about service that you must install for providing to proxy run. Now you follow this step: command yast –i squid or yast –i then you must type cd /etc/squid then ls for view file vi squid.conf. After you configure you don’t forget restart service. Install squid and squidguard.
  • 21. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 21 Deadline: 12th, December 2016 Submit: Google Classroom This step you must assign IP proxy or firewall (proxy+firewall) than access to internet you take IP address proxy put on browser so the show bellow.
  • 22. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 22 Deadline: 12th, December 2016 Submit: Google Classroom This is result that we allowlan-staff access internet using proxy. a.Block website (social network or video/movie websites) Now I will block social network videos movie websites like: youtube.com, 123movies.to, facebook.com…….. So you just create syntax for block social network and involve to information that you allow or deny.
  • 23. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 23 Deadline: 12th, December 2016 Submit: Google Classroom Let’s testing using staff access any website that we determine permission.
  • 24. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 24 Deadline: 12th, December 2016 Submit: Google Classroom b.Block download extension (.mp3, .mp4, .exe) After we block any websites now we test block download extension file as above. The result test block extension files. This picture file .mp3 need by proxy block. c.All staffs can access any website beside of working time. This step mean that all staff can access to internet use entertainment after they finished working time. Make sure your days that you allow all staff can access with time on proxy server.
  • 25. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 25 Deadline: 12th, December 2016 Submit: Google Classroom The result we test user access play entertainment
  • 26. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 26 Deadline: 12th, December 2016 Submit: Google Classroom a. Make sure clients cannot access websites that are not good on squidguard and shallalist file. Before you allow user access any website please you be sure all user don’t access to not good website. For configure file you must install ready with squid. You just type command vi /etc/squidguard.conf then create role bellow. Now I redirect website blacklist genera to gmail.com. You know directory that contain domain blacklist that we need to block. Then vi domains for view hostname blacklist. When you configure already you must type command such as:
  • 27. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 27 Deadline: 12th, December 2016 Submit: Google Classroom We must type command bellow for create database, delegates to another manage and delegate to new user full manage directory. 1. Command : squidGuard –d –b –C all 2. Command : chown squid * (delegate owner ship) 3. Command : chown squid /usr/sbin/squidGuard 4. Command : chown –R squid /var/lib/squidGuard/db/ Let’s test website backlist, so it generate to gmail.com or not gmail.com.
  • 28. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 28 Deadline: 12th, December 2016 Submit: Google Classroom This domain name website blacklists Generate to Gmail
  • 29. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 29 Deadline: 12th, December 2016 Submit: Google Classroom a.For Shallalist Deny only folder name: sex, gamble, movies, hacking and dating. When we Deny folder you must copy main folder that contain subfolders to directory /var/lib/squidGuard/bd. We main folder name BL that contain these subfolders. After we copy subfolders we need to create syntax in /etc/squidguard.conf.
  • 30. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 30 Deadline: 12th, December 2016 Submit: Google Classroom Testing user access to websites in shalalist
  • 31. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 31 Deadline: 12th, December 2016 Submit: Google Classroom This the name of website sex in shalalist The result generate to gamil.com
  • 32. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 32 Deadline: 12th, December 2016 Submit: Google Classroom Allow LAN staffs can access any websites beside of working time by allowing on squidguard service You just create new syntax that you want to allow staff access to any websites when they free time.
  • 33. Passerelles numériques Cambodia Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia Tel: +855 23.99.55.00 info.cambodia@passerellesnumeriques.org PREPARING VANDA.KANY 33 Deadline: 12th, December 2016 Submit: Google Classroom