LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-12-2005, 01:00 PM   #1
jgnasser
Member
 
Registered: Feb 2004
Location: Kenya
Distribution: Red Hat
Posts: 57

Rep: Reputation: 15
restrict access using squid, iptables?


I have a network connected to the internet by satellite. I need to restict access to the web in varied ways. I have successfully restricted access to web browsing by using an ip address ICL but at times there is a problem when the dhcp server hands out the same ip to another client and though this hasnt happened, if a smart user guessed and assigned an authoried IP they would surf. Maybe I could sort that by adding arp.

The main question though is even when squid blocks browsing, clients can still pass through to email ports and perhaps FTP. Can squid block that? I have read elsewhere in the forum that iptables can help me filter specific ip or mac addresses. How do I do that?
 
Old 04-12-2005, 01:34 PM   #2
mfeoli
Member
 
Registered: Dec 2003
Distribution: Debian
Posts: 92

Rep: Reputation: 15
Hi,
I don't know much about this but had the same problem a while ago,

I know you can have ACL (Access control lists) for your users, and also you may use the "Delay pools" feature of your Proxi ( squid ) to kind of manage the bandwidth.

This is if you may want to give some restricted lowbandwidth access to some users.

you may either place static ip addresses or filter via the mac address of each station with iptables, and block ftp and smtp ports with iptables aswell, either for all or for some mac addresses too.

For example we blocked all web, smtp, ftp ports to go directly through the firewall, so anyone who want's to go out must go through the proxy.

you will definately find answers to this very common questions by searching the forum

I'm sorry didn't answer your especific question but hope this helps somehow

Last edited by mfeoli; 04-12-2005 at 01:36 PM.
 
Old 04-12-2005, 04:02 PM   #3
jgnasser
Member
 
Registered: Feb 2004
Location: Kenya
Distribution: Red Hat
Posts: 57

Original Poster
Rep: Reputation: 15
I can control using a rule like this:

-A PREROUTING -p tcp -m tcp -i eth0 -m mac --mac-source XX:02:0D:81:67:49 --dport 25 -j DROP

but would I need to list all the mac addresses to allow? Unlike squid, i wonder if iptables can read a list of allowed macs from a separate file and if this would have impact on the network speed.

Of course I have a rule that directs all port 80 requests from the network to the proxy.
 
Old 04-13-2005, 07:21 AM   #4
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

have a look at ebtables, much more performant for layer 2 trafic : http://ebtables.sourceforge.net/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid proxy (1): how to restrict the files above 2MB -- please help me b:z Linux - Networking 8 04-22-2010 02:41 AM
restrict internet bandwidth using squid coolamit78 Linux - Networking 2 08-15-2009 12:50 AM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 08:40 AM
iptables : Restrict access at certain times of day J-Ben Linux - Newbie 1 03-28-2004 09:38 PM
linux squid and iptables for secure lan for internet access. pune_abhishek Linux - Networking 4 11-30-2003 07:20 PM


All times are GMT -5. The time now is 05:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration