Proxy Server


In this scenario we configure Gibraltar on a computer with two network interface cards. One is used for the Internet connection, the other for the connection to the internal network. Gibraltar should protect the internal network and allow all clients to use any Internet service. The internal network must not be accessible from the Internet. In addition, proxy servers are to be set up: an HTTP proxy that caches requested web pages on the hard disk so that repeated requests are answered faster; an FTP proxy that either accepts requests from the internal network, thereby hiding its topology, or accepts requests from outside and passes them on to an internal FTP server; and a POP3 proxy that accepts requests from clients in the internal network and checks the retrieved mail for viruses and spam when it fetches it from the external mailbox.

 

Note: This scenario shows a simple configuration of the services. For detailed information, please consult the specific modules.

 


 

Note: All shown values are only examples. You must adapt these values to your individual needs.

 

System Requirements

Computer with two compatible network interfaces or Gibraltar Security Gateway.

 

Installation of Gibraltar

 

Please install Gibraltar as described in chapter Installation.

 

System configuration

 

System configuration as described in Scenario 1.

 

System configuration - hard disk

 

1. Choose System in the main menu.
2. Choose the tab Configure hard disk.
3. Use hard disk: Choose from the selection field the hard disk you want to use as cache for the HTTP proxy.
4. Save: Click this button to save the changes.

 

Network settings - Network interface cards

 

Network and routing configuration as described in Scenario 2

 

ATTENTION: Changing the IP address of the network card that you use to access Gibraltar interrupts the connection. Adapt the IP address of your workstation accordingly.

 

Firewall rules

 

Firewall rules as described in Scenario 2

 

NAT rules

 

NAT rules as described in Scenario 2

 

DHCP server

 

DHCP server settings as described in Scenario 1

 

HTTP proxy configuration

 

1. Choose Proxy Server in the main menu.
2. Choose HTTP proxy in the sub menu.
3. Choose the tab General settings.
4. Mark your internal interface in the element group Allow transparent proxying. All requests from the internal network to port 80 are then redirected to port 3128 (or to the port defined in the text field Port), where the HTTP proxy listens.
5. Save: Click this button to save your changes.
6. Choose the tab Proxy cache.
7. Main storage for proxy (in MB): Specify how much main memory should be available for the proxy cache. This memory is then unavailable to the other services. Leave the value 4.
8. Maximum size of the object (in KB): The maximum size a web page object may have to be stored in the cache. An object that exceeds this value is not stored in the cache for later requests.
9. Use cache on hard disk: Mark this checkbox if you have set up a hard disk in the module System and want to use it as cache for the HTTP proxy as well.
10. Size of disk cache (in MB): If you marked the checkbox Use cache on hard disk, enter in this text field how much of the hard disk's space you want to use for the HTTP proxy.
11. Save: Click this button to save your changes.
12. Choose the tab Content filter.
13. Kaspersky Anti-Virus: Mark this checkbox to activate the Kaspersky Anti-Virus scanner if you have purchased a Kaspersky for Gibraltar license.
14. Save: Click this button to save your changes.
15. Afterwards start the HTTP proxy in the module Services to activate the settings.
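
The redirect from step 4 can be audited from a dump of the gateway's NAT rules. The script below is an added example, not part of the Gibraltar documentation: it assumes the rules are available in iptables-save format, and the interface names int0 (internal) and ext0 (Internet) and the sample rules are constructed. It reports success only if port 80 is redirected to the proxy port on the internal interface and on no other interface, since a redirect on the Internet side would expose the proxy to outside clients.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the transparent-proxy redirect.
# Interface names (int0/ext0) and the sample rules are constructed assumptions.

# redirect_ifaces DUMP PORT
# Prints the inbound interface of every nat PREROUTING rule that redirects
# TCP port 80 to PORT, one per line ("any" if the rule names no interface).
# Negated interface matches ("! -i") are not handled.
redirect_ifaces() {
    awk -v port="$2" '
        /^\*/ { table = $1 }                       # e.g. "*nat" starts a table
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            iface = "any"; dport = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")         iface  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (dport == "80" && target == "REDIRECT" && to == port) print iface
        }' "$1"
}

# check_transparent_proxy DUMP INTERNAL_IF PORT
# Returns 0 only if INTERNAL_IF is redirected and no other interface is;
# 1 if no redirect exists, 2 if another interface is redirected.
check_transparent_proxy() {
    found=1
    for iface in $(redirect_ifaces "$1" "$3"); do
        if [ "$iface" = "$2" ]; then
            found=0
        else
            echo "unexpected redirect on interface: $iface" >&2
            return 2
        fi
    done
    return $found
}

# Constructed sample dump: int0 = internal interface, ext0 = Internet side.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i int0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o ext0 -j MASQUERADE
COMMIT
EOF
check_transparent_proxy "$sample" int0 3128 && echo "OK: only int0 is redirected"
```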

 

FTP proxy configuration

 

In this scenario we configure the FTP proxy to protect an internal FTP server from outside threats. The FTP proxy accepts requests from outside, fetches the requested data from the internal FTP server and relays it to the external requester itself.

 

1. Choose FTP proxy in the main menu.
2. Choose the tab General settings.
3. Direction: Mark the option field incoming and click the button Go!.
4. Destination FTP server: Enter in this text field the IP address of the internal FTP server to which access from outside should be directed.
5. Destination FTP port: Enter the port on which the FTP server offers its FTP service. You can leave the default value 21 (default FTP port).
6. Transfer mode: Choose the transfer mode you want to use. If you leave the mode Client, the transfer mode of the client will be used.
7. Save: Click this button to save your changes.
8. Afterwards start the FTP proxy in the module Services to activate the settings.

       

POP3 proxy

 

1. Choose POP3 proxy in the main menu.
2. Choose the tab General settings.
3. Here you can adapt the settings to your needs. The default settings are a good starting point.
4. Save: Click this button to save your changes.
5. Choose the tab Rename attachments.
6. Rename attachments: Mark this checkbox if you want attachments with the file extensions listed in the element group below to be renamed when you receive them.
7. Save: Click this button to save your changes.
8. Afterwards start the POP3 proxy in the module Services to activate the settings.

 

Save config

 

1. Save your configuration.