Category:ISAKv2


iSAKv2

iSAKv2 - Network Integration
iSAKv2 - Log Processing


iSAKv2 is the integration of several software components. The two images above should give you a good idea of how iSAKv2 works. For more information on installation, check the README and INSTALL files in the iSAKv2 package. These files are also available in the SVN.

If you are only interested in the log processing engine, check the top-right image of this page and install those components.

Configuration

Users desktop configuration

The desktop configuration depends on your network configuration and the module you choose in iSAKportal. If you are using IE and the NTLMident module of iSAKportal, no configuration is needed.

If you have questions about the installation, make sure you have browsed this wiki and then send your questions to the mailing lists.

Transparent proxy

You can configure iSAKv2 as a transparent proxy. Below is an example of how to do it with iptables.

Note: isak is the name of the machine on which iSAK is running.

iSAK installed on the gateway

iptables --table nat --append PREROUTING -i eth0 -p tcp --dport 80 ! --destination isak -j REDIRECT --to-port 3128
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

iSAK installed on another computer

If iSAK is not installed on the gateway, you must also configure the gateway to redirect the web traffic to iSAK.

iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s isak
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

ip rule add fwmark 3 table 2
ip route add default via 192.168.1.70 dev eth0 table 2 
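
The two mangle rules above only work in that order: the ACCEPT for traffic coming from isak has to be matched before the MARK rule, otherwise the proxy's own outgoing requests are marked too and routed back to it. The following check is an added example, not part of the iSAKv2 package; it reads iptables-save output and assumes that isak resolves to 192.168.1.70, the next hop used in table 2.

```shell
#!/bin/sh
# Added example (not from the iSAKv2 package): verify rule order in saved rules.
# Reads `iptables-save` text on stdin; $1 is the iSAK host as iptables-save prints
# it. Assumption: 192.168.1.70/32, the next hop used for table 2 above.
check_mark_order() {
    awk -v src="$1" '
        /^\*/ { in_mangle = ($0 == "*mangle") }   # a "*table" line opens a section
        !in_mangle || $1 != "-A" || $2 != "PREROUTING" { next }
        !/--dport 80( |$)/ { next }
        {
            n++; from_isak = 0; target = ""
            for (i = 3; i < NF; i++) {
                if (($i == "-s" || $i == "--source") && $(i + 1) == src) from_isak = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && from_isak && !exempt) exempt = n
            if (target == "MARK" && !from_isak && !mark) mark = n
        }
        END {
            if (!mark)   { print "FAIL: no MARK rule for tcp/80"; exit 1 }
            if (!exempt) { print "FAIL: no ACCEPT exemption for " src; exit 1 }
            if (exempt > mark) { print "FAIL: exemption is after MARK"; exit 1 }
            print "OK: exemption precedes MARK"
        }'
}

# Constructed sample in iptables-save format (not captured from a real gateway).
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.70/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_mark_order 192.168.1.70/32
```

On the gateway itself, pipe the output of `iptables-save -t mangle` into `check_mark_order` with the address of the iSAK machine.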

Reference

iSAKv2 Administration

At the moment, no administration interface has been developed. You can use Webmin for Squid or configure by hand.

