Recently I was trying to use pfSense, which would be easier to configure and does support a transparent Squid proxy. I tried to set up different time slots for different groups with different categories, to set a policy for Internet access. But I had little luck, and it seems that the access list we set earlier was overriding the previous one. So we can’t use multiple ACL lists with pfSense.
The pfSense issues are:
a. I can’t set multiple ACL lists with time-based restrictions. Certain rules overlap the existing ones, even though “SquidGuard” does not show any error at creation time.
b. Only one user can connect to a remote VPN over a PPTP connection through pfSense.
So I decided to drop pfSense, and found that it has some interesting features like bandwidthd, ntop and lightsquid. I like lightsquid a lot and would like it installed on my cheap 512Mb software router, which runs CentOS.
How do I install and configure lightsquid on a Squid server?
1. Download lightsquid from “http://lightsquid.sourceforge.net/”
2. Install Apache and start it
3. Copy the lightsquid folder to any web location, like “/var/www/html/”
4. Add an entry like the one below to httpd.conf
AddHandler cgi-script .cgi
deny from all
A. Switch to the lightsquid directory and check that the necessary Perl libraries are present.
[root@rc-009 lightsquid]# perl check-setup.pl
LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL
LogPath : /var/log/squid
Lang : /var/www/html/lightsquid/lang/eng
Template : /var/www/html/lightsquid/tpl/base
Ip2Name : /var/www/html/lightsquid/ip2name/ip2name.simple
all check passed, now try access to cgi part in browser
Please note that you may need to install the Perl “CGI” and “GD” libraries. GD is optional and enables graph support. Sometimes you may get an error as follows:
Can’t locate CGI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
[root@rc-009 lightsquid]# perl -MCPAN -e shell
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')
cpan> install CGI
cpan> install GD
B. Set the scheduler to parse the squid log file.
a. Open the “lightsquid.cfg” file and verify that the Squid log path is set correctly. You may also change certain values as you wish; for example, to get the best graph size, change the value to “$graphmaxall=3.50*(1024*1024*1024);”.
b. Set the cron job as follows:
*/50 * * * * /usr/bin/perl /var/www/html/lightsquid/lightparser.pl >/dev/null 2>&1
C. Customize the User-IP mapping file
You need to add an entry for every user to the "realname.cfg" file.
Eg: < IP>
[root@rc-009 lightsquid]# grep "Liju" realname.cfg
You may also create groups by editing group.cfg. Add entries like this:
Liju 01 SysAdmin
Arun 01 SysAdmin
Jacob 02 Support
Tom 02 Support
That's it. Try running the parser to get the first report.
Now it's your turn to keep an eye on users' activity. Access lightsquid via the server's IP, i.e. http://squidserver ip/lightsquid
Here are a few useful reports:
1. Daily usage report
2. User wise usage listing
5. Listing time based access
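To cross-check the per-user totals in these reports against the raw log, the following added example (not part of lightsquid or of the original post) sums bytes per user and per group directly from Squid's native access.log format. The log lines, the IP addresses and the "IP name" layout of the name mapping are constructed assumptions; the group lines follow the layout shown above.

```python
# Added example: per-user and per-group byte totals from Squid's native access.log.
# All sample data is constructed; the "IP name" realname layout is an assumption.
from collections import defaultdict

ACCESS_LOG = """\
1286536309.450    120 192.0.2.10 TCP_MISS/200 4520 GET http://example.com/ - DIRECT/203.0.113.5 text/html
1286536310.112     45 192.0.2.11 TCP_HIT/200 1000 GET http://example.com/logo.png - NONE/- image/png
1286536311.900      3 192.0.2.12 TCP_DENIED/403 1500 GET http://blocked.example/ - NONE/- text/html
1286536312.001    300 192.0.2.10 TCP_MISS/200 2000 GET http://example.org/a - DIRECT/203.0.113.9 text/html
1286536313.500     80 192.0.2.99 TCP_MISS/200 700 GET http://example.net/ - DIRECT/203.0.113.7 text/html
this line is truncated
"""
REALNAME = "192.0.2.10 Liju\n192.0.2.11 Arun\n192.0.2.12 Jacob\n"
GROUPS = "Liju 01 SysAdmin\nArun 01 SysAdmin\nJacob 02 Support\n"

def load_map(text, key_col, val_col):
    """Parse whitespace-separated config lines, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#") and len(parts) > max(key_col, val_col):
            out[parts[key_col]] = parts[val_col]
    return out

def usage(log_text, names, groups):
    """Return (bytes per user, bytes per group, count of unparseable lines)."""
    per_user, per_group, bad = defaultdict(int), defaultdict(int), 0
    for line in log_text.splitlines():
        f = line.split()
        # Native format: time elapsed client code/status bytes method URL ident peer type
        if len(f) < 7 or not f[4].isdigit():
            bad += 1
            continue
        if f[3].startswith("TCP_DENIED"):   # blocked requests are not counted as usage here
            continue
        user = names.get(f[2], f[2])        # unmapped clients are reported by IP
        per_user[user] += int(f[4])
        per_group[groups.get(user, "ungrouped")] += int(f[4])
    return dict(per_user), dict(per_group), bad

if __name__ == "__main__":
    users, grp, bad = usage(ACCESS_LOG, load_map(REALNAME, 0, 1), load_map(GROUPS, 0, 2))
    for name, size in sorted(users.items(), key=lambda kv: -kv[1]):
        print(f"{name:15} {size:>8} bytes")
    print("by group:", grp, "| skipped lines:", bad)
```

A client that appears in the log but not in the name mapping shows up under its IP and in the "ungrouped" bucket, which is a quick way to spot hosts missing from the mapping files.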