LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-19-2004, 04:08 PM   #1
4mix
LQ Newbie
 
Registered: Jul 2004
Distribution: Debian 2.4.18
Posts: 19

Rep: Reputation: 0
Question config squid so some IP can access internet, and others just the server?


I have a network in a block of flats with 55 computers, ant a server which connects them to the Internet.

Some of us have Inernet access, and others not (depends of which pays the Interent access), according to the firewall rules (input and forward based on mac and ip address)

The server has Debian Linux 2.4.18, and squid, apache and mysql installed on it.

All the computers which have access to the internet, pass through squid.

I want to config squid so some IP or mac can access internet, and others just the server (where is a web page with information for my network), but not the internet.

How can I do this?
 
Old 07-19-2004, 06:09 PM   #2
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
better to post a question rather than asking for a complete howto.
read the squid faq.

but in squid faqs search for

acls
deny_info (to display a custom page)
 
Old 07-20-2004, 09:07 AM   #3
4mix
LQ Newbie
 
Registered: Jul 2004
Distribution: Debian 2.4.18
Posts: 19

Original Poster
Rep: Reputation: 0
Lightbulb

Thank you for your suggestions.

I have read the howtos, and faqs.

Here is my try:

YesInternet represents the IP-s which I want to have unrestricted access to the Internet,
NonInternet represents the IP-s which I want to have access JUST to the web page that the server provides (IP of the server is 192.168.9.1, on which runs Apache, php, mysql, and squid), and NOT to the Internet.

acl YesInternet src 192.168.9.2-192.168.9.11/32 192.168.9.14-192.168.9.24/32 192.168.9.27-192.168.9.28/32 192.168.9.30-192.168.9.31/32 192.168.9.35/32 192.168.9.46-192.168.9.50/32
acl NonInternet src 192.168.9.12-192.168.9.13/32 192.168.9.25-192.168.9.26/32 192.168.9.29/32 192.168.9.32-192.168.9.34/32 192.168.9.36-192.168.9.45/32 192.168.9.51-192.168.9.255/32
acl dstServerOnly dst 192.168.9.1
acl dstInternet dst 0.0.0.0/0


http_access YesInternet dstInternet
http_access NonInternet dstServerOnly
http_access deny all

Is this correct?

Pls help
 
Old 07-20-2004, 09:53 AM   #4
4mix
LQ Newbie
 
Registered: Jul 2004
Distribution: Debian 2.4.18
Posts: 19

Original Poster
Rep: Reputation: 0
Talking I forgot something

Yes I did at least one mistake in http_access section, it should be the following:

http_access allow YesInternet dstInternet
http_access allow NonInternet dstServerOnly
http_access deny all

,

Two more questions:
- It is correct to write all the IP-s in one line with single and interval style, like I did?
- the configuration has the same effect if I write the http_access rules in the following way:

http_access allow YesInternet dstInternet
http_access allow !YesInternet dstServerOnly
http_access deny all
 
Old 07-20-2004, 03:33 PM   #5
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
a very better approch is to write every acl ips in files.

like

acl yahoo src "/usr/local/squid/acls/yahoo"

and in file write ip addresses. same thing for url_regexs or any other long acl.
 
Old 07-20-2004, 05:08 PM   #6
4mix
LQ Newbie
 
Registered: Jul 2004
Distribution: Debian 2.4.18
Posts: 19

Original Poster
Rep: Reputation: 0
Thank you for your suggestions newpenguin !!!

But the config lines I wrote, they seem to do the job I want?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ftp server access through squid proxy not working hitesh_linux Linux - Networking 5 05-13-2010 03:27 AM
RH9 - Win Network with internet access config AlexJ Linux - Networking 1 07-13-2004 07:45 PM
slow internet access using squid gigi Linux - Networking 4 01-20-2004 12:59 AM
linux squid and iptables for secure lan for internet access. pune_abhishek Linux - Networking 4 11-30-2003 07:20 PM
Secure Proxy Configuration(squid) for a LAN to access Internet pune_abhishek Linux - Networking 5 11-30-2003 01:33 PM


All times are GMT -5. The time now is 02:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration