squid management with IPtables
Hi,
I am using RedHat Linux A.S 2.1 with squid-2.4.STABLE6-1.7.2 and IPTABLES for a transparent proxy. I want to manage my proxy: I want to allow limited downloads to my clients, like a maximum of 1MB in business hours, and more than 1MB downloads are allowed after business hours, and I also want to block messenger.

My squid ACLs are below:

    http_access allow SSL_ports
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow ncsa_users
    http_access allow supper_access
    http_access deny deny_domain
    http_access allow neta
    http_access allow localhost
    http_access deny all

My iptables script is below:

    iptables=/sbin/iptables
    $iptables --flush -t nat
    $iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    $iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

In this scenario, how can I restrict my clients for downloads and messenger? Can anyone help me?

Thanks in advance,
Hamza
Not sure whether there is a way to have Squid limit the available bandwidth for downloads during certain times of the day.
As for blocking MSN, it uses multiple different ports to access servers - I tried blocking certain ports and ranges, but the most effective is to amend your iptables rules to drop all outgoing TCP connections except, say, 21, 25, 80, 443, which would still allow your main internet protocols to work, but drop all others. This was pretty effective, but there are quite a few web-based messenger services such as www.e-messenger.net and so on, so then you start blocking sites through squid, squidguard or whatever, and it keeps going on and on! Hope this helps a little though!
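
The allow-list approach from the reply above, written out as an added example (not part of the original thread): a shell function that validates the port list and prints the FORWARD-chain rules for review before they are applied. It assumes eth0 is the LAN side and eth1 the Internet side, as in the question's script; the function name and log prefix are hypothetical.

```shell
#!/bin/sh
# Added example: default-deny egress for TCP forwarded from the LAN.
# Assumptions: eth0 = LAN, eth1 = Internet (from the question's script);
# build_egress_rules and the "egress-drop" prefix are hypothetical names.

IPT=/sbin/iptables

# Print (do not run) the rules for an allow-list of TCP destination ports.
# usage: build_egress_rules LAN_IF WAN_IF "port port ..."
build_egress_rules() {
    lan=$1; wan=$2; ports=$3
    list=; n=0
    for p in $ports; do
        # Reject anything that is not a valid TCP port number.
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        list=${list:+$list,}$p
        n=$((n + 1))
    done
    [ "$n" -ge 1 ] || { echo "no ports given" >&2; return 1; }
    # The multiport match accepts at most 15 ports per rule.
    [ "$n" -le 15 ] || { echo "too many ports for one rule" >&2; return 1; }

    # Replies to connections already allowed out, plus RELATED flows
    # (e.g. FTP data channels when the FTP conntrack helper is loaded).
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New outbound TCP connections only to the allow-listed ports.
    echo "$IPT -A FORWARD -i $lan -o $wan -p tcp -m multiport --dports $list -m state --state NEW -j ACCEPT"
    # Log, then drop, every other TCP connection attempt from the LAN,
    # so blocked clients show up in the kernel log.
    echo "$IPT -A FORWARD -i $lan -o $wan -p tcp -j LOG --log-prefix \"egress-drop: \""
    echo "$IPT -A FORWARD -i $lan -o $wan -p tcp -j DROP"
}

# Review the output, then pipe it to sh as root to apply:
#   build_egress_rules eth0 eth1 "21 25 80 443" | sh
```

Port 80 traffic from eth0 is already redirected to Squid by the PREROUTING rule, so it never reaches FORWARD and listing 80 here is harmless. Only TCP is filtered, so ordinary UDP DNS lookups continue to work.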