Configure Vyatta as a single interface proxy / content filter

As some of you may know, I am against antivirus solutions that actively run and scan my systems, so I take many precautions to prevent malware and virus infections. All of these involve running systems with non-privileged accounts, hosts-file blocking of sites and, now, adding a content-filtering proxy to the configuration. This is where my friend Vyatta comes in.

Vyatta has a good web content filtering system built on Squid, so why not put my Vyatta to work?

Let me give you an example of my configuration:

I use Vyatta as a guest hosted on my VMware ESXi5 Server.

Vyatta is not my default gateway for my network, but is used for routing IPSEC traffic to secure remote locations that I need to reach.

So let’s go over my configuration steps.  This requires you to access the CLI (while Vyatta does have a web UI, I have grown fond of the CLI).

Here is my configuration (I enter configuration mode and type ‘show service webproxy’):

    ~$ show service webproxy
     cache-size 256
     default-port 3128
     listen-address 10.0.0.3 {
     }
     url-filtering {
         squidguard {
             auto-update {
                 update-hour 3
             }
             block-category ads
             block-category malware
             block-category marketingware
             block-category phishing
             block-category publicite
             block-category proxy
             default-action allow
             log all
             redirect-url http://127.0.0.1
         }
     }
    [edit]

As you can see in my configuration, I am set to block the ads, phishing and malware categories, and I log all of the activity for future review. In addition, I redirect blocked traffic to 127.0.0.1 (loopback), as I don’t see the need to redirect to anything external.
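An added example, not part of the original post: a small Python parser that flattens the brace-style output shown above into the equivalent `set` commands and reports any required categories that are not blocked. The function names, the `required` default and the assumption that every config line maps one-to-one onto a `set service webproxy ...` path are this example's own.

```python
# Added example. SAMPLE is the configuration from the post; names are hypothetical.
SAMPLE = """\
cache-size 256
default-port 3128
listen-address 10.0.0.3 {
}
url-filtering {
    squidguard {
        auto-update {
            update-hour 3
        }
        block-category ads
        block-category malware
        block-category marketingware
        block-category phishing
        block-category publicite
        block-category proxy
        default-action allow
        log all
        redirect-url http://127.0.0.1
    }
}
"""

def flatten(text, root=("service", "webproxy")):
    """Return one tuple of config words per leaf (or per empty tag node)."""
    stack, paths, opened_at = list(root), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):  # skip blanks and "[edit]"
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            stack.extend(words)
            opened_at.append((len(words), len(paths)))
        elif line == "}":
            depth, seen = opened_at.pop()
            if len(paths) == seen:  # block had no children: keep the node itself
                paths.append(tuple(stack))
            del stack[-depth:]
        else:
            paths.append(tuple(stack) + tuple(line.split()))
    return paths

def set_commands(text):
    return ["set " + " ".join(path) for path in flatten(text)]

def missing_categories(text, required=("malware", "phishing")):
    blocked = {p[-1] for p in flatten(text) if p[-2] == "block-category"}
    return sorted(set(required) - blocked)
```

Running `set_commands` on saved `show` output gives a replayable command list, and `missing_categories` can be run against a config backup to catch a category that was dropped.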

2 replies on “Configure Vyatta as a single interface proxy / content filter”

When I enter the following command
update webproxy blacklist
after completion of the download it returns a “bad file descriptor” error message.
I have been unable to sort out this problem. Could you help?
