Network settings

Network settings

Overview                    

Configure the basic Network Infrastructure.
Configure the Sockets on which SafeSquid will Listen and accept connections from clients.
Manage SafeSquid's outgoing connections through existing IPs of your host system.

Listen

Setup SafeSquid’s Listen Interfaces to accept connections from clients.
When SafeSquid starts-up, all the enabled entries will be evaluated, and create appropriate Listening Sockets.
You may specify these Interfaces when creating policies in Access Restrictions Section.
Evaluation logically skips disabled Entries.
Service restart is required to effect any changes made here.
Network settings Listen tab showing

Enabled    

Enable or disable this entry
TRUE:  Enable this entry.
FALSE: Disable this entry. 

Comment

For documentation, and future references, explain the relevance of this entry to your policies.
That is, by reading the policies, a future user can understand the purpose of that entry.

Port

Specify the Listen port. By default, SafeSquid listens on port 8080.
Port value can be a positive integer between 1 and 65535. The default value is 8080.

IP

Specify the IP address to complete the socket definition.
You may choose a specific IPv4 or IPv6 address.
Empty or Blank: All the IPv4 and IPv6 addresses of the host.
set to 0.0.0.0:    Listen to all IPv4 IPs only.
set to:        :    Listen to all IPv6 IPs only

Bindings

Choose additional bindings (roles) for this Socket.
You may select multiple options if you need.
SSL_TRANSPARENT:  Accept SSL requests in a transparent proxy mode.
CAPTIVE_PORTAL:  Setup a captive portal for user authentication, when SafeSquid is used as a Transparent Proxy.
SSL_AUTHENTICATION: User authentication via SSL client certificates. (Not Yet Implemented)
SSL_BRIDGE: If SafeSquid has been setup as Reverse Proxy, and must provide SSL for non-SSL HTTP servers. (Not Yet Implemented)

Example

Rule#1
My SafeSquid proxy is running on a cloud server, I use ssh tunnel using 127.0.0.1:8080 to access my proxy server.
I have a host only network with IP range 10.100.0.0/16.
I want my proxy server to listen on 10.100.0.1:8080.
Using the network -> listen policy we can allow proxy to listen to addition IP and ports.
showing policy which has a listen port 8080
Rule#2
I want to use SafeSquid without configuring it in my browser. (As a transparent proxy server)
I want to transfer all traffic from port 80 to be forwarded to port 8080 and traffic from 443 to be forwarded to 8443.
I want SafeSquid to listen to port 8443.
Rule #2 is configured to use proxy server as a transparent proxy server.
Bindings set as SSL_TRANSPARENT is used to accept SSL request in transparent mode.
policy showing all traffic from port 443 forwarded to port 8443

Rule#3
I want our admin users to access SafeSquid web interface without authentication.
General users’ access internet using port 8080 where GUI access is disabled.
We want SafeSquid to listen on IP 192.168.2.10 and port 8082 which has access to SafeSquid web interface, can be configured in “Access Restrictions”.
Rule #3 can be used where user identification is not performed and personal having access to SafeSquid’s web interface should be limited.
policy showing additional listen to allow access to safesquid's web interface without authentication

Interface

Specify Interfaces for outgoing connections.
SafeSquid can take advantage of multiple ISPs or outbound connection routes, on multi-homed host systems.
Create multiple entries as required.
SafeSquid evaluates all enabled entries starting from top, and selects the first one that matches the connection.
Evaluation skips the disabled Entries.
interface tab fields from network settings

Enabled

Enable or Disable this entry
TRUE:  Enable this entry.
FALSE: Disable this entry. 

Comment

For documentation, and future references, explain the relevance of this entry to your policies.
That is, by reading the policies, a future user can understand the purpose of that entry.

Profiles

Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use negated profile (!profile).

IP

Specify an IP address assigned to the host system.
SafeSquid will bind the outgoing connection to this IP address thus effectively applying the desired routing for the connection.
Note: The configuration must be saved, and the proxy server must be restarted before any changes take effect.

Example

Rule#1
I want to send all my outgoing traffic via a different route than incoming traffic.
142.54.178.126 is used as outgoing traffic.
Using multiple ISP’s provide redundancy. Enhance throughput.
Rule#1 can be used to configure multi homed network.
Rule showing send all outgoing  traffic from a specific IP


    • Related Articles

    • Categorize WebSites

      Overview Use Categorize websites to Manage Web-Site Categorization. Review and modify the categorization of any website. You can also create new categories, and associate websites with those categories. To Modify a web-site's categorization, you must ...
    • FTP browsing

      Overview FTP Browsing section lets you configure how the FTP connections are established, and results are displayed. SafeSquid can provide support for anonymously browsing FTP Servers, anonymously. This can be useful when the client (some of the ...
    • WCCP

      Overview Use WCCP routers to enforce transparent proxy. Stop setting proxy in client browsers and transparently redirect traffic flows in real-time. Global Enabled Enable or Disable this section. TRUE: Enable transparent redirection. FALSE: Disable ...
    • Clam antivirus

      Overview Clam AntiVirus (ClamAV), is an antivirus software toolkit for Windows and Unix-like operating systems. One of its main uses is with mail exchange servers as a server-side email virus scanner. Distributed under the terms of the GNU General ...
    • Response Types

      Overview Use Response profiles to manage profiling based on the responses received from the webserver. You can manage Profiling based on the following parameters present in the responses received from the webserver. Mime File Content-Length Response ...