ipchains dont work

hotrodowner · 04-01-2003, 08:49 AM

I have resently migrated my rh 7.1 router network to a rh 8.0 proxy server network. However, I used ipchains on 7.1 to block web sites, but with the squid proxy server, the web sites are no longer blocked. What should I do to block web sites with my rh8.0 squid proxy server.

AltF4 · 04-01-2003, 09:30 AM

for simple configurations add an ACL to squid.conf

acl begone1 dstdomain .doubleclick.net .fastclick.net .ivwbox.com
http_access deny begone1

for more complex blocks have a look at squidguard (http://www.squidguard.org/)

hotrodowner · 04-01-2003, 09:40 AM

I just discovered that ipchains isn't compatible with rh 8.0, all of my chains are variations of the following:

-A input -s 209.10.0.0/16 -j DENY
-A input -p tcp --destination-port 8080 -j DENY

can someone translate these commands for iptables?

Capt_Caveman · 04-01-2003, 10:22 AM

-A INPUT -s 209.10.0.0/16 -j REJECT
-A INPUT -p tcp --dport 8080 -j REJECT

Can change the target (REJECT) to DROP depending on what you want iptables to do with the packet. With DROP, linux won't reply to the packet at all.

hotrodowner · 04-01-2003, 01:11 PM

now, I have iptables to load successfully, but why do the rules not matter when I'm using squid as a proxy server on the same machine I'm loading iptables on?

hotrodowner · 04-02-2003, 08:16 AM

thank you so much

Capt_Caveman · 04-02-2003, 09:29 AM

Did you figure out the problem with why iptables didn't apply to squid connections? I was kind of intrigued.

hotrodowner · 04-02-2003, 02:11 PM

It did apply, I just had to unload ipchain's modules first, and then save the /etc/sysconfig/iptables file in the correct syntax.