Old 07-08-2005, 04:13 AM   #1
shamza
LQ Newbie
 
Registered: Jul 2005
Location: PAKISTAN
Posts: 3

Rep: Reputation: 0
squid management with IPtables


Hi,

I am using RedHat Linux A.S 2.1 with squid-2.4.STABLE6-1.7.2 and iptables for a transparent proxy. I want to manage my proxy: I want to allow limited downloads to my clients, like a maximum of 1MB in business hours, with downloads of more than 1MB allowed after business hours, and I also want to block messenger. My squid ACLs are below:

http_access allow SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ncsa_users
http_access allow supper_access
http_access deny deny_domain
http_access allow neta
http_access allow localhost
http_access deny all

My iptables script is below:

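iptables=/sbin/iptables
# Clear any existing NAT rules
$iptables --flush -t nat
# Redirect web traffic arriving on eth0 to Squid on port 3128
$iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Masquerade traffic leaving through eth1
$iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward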

In this scenario, how can I restrict my clients' downloads and messenger?
Can anyone help me?
Thanks in advance

Hamza
 
Old 07-08-2005, 03:13 PM   #2
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
Not sure whether there is a way to have Squid limit the available bandwidth for downloads during certain times of the day.
As for blocking MSN, it uses multiple different ports to access servers - I tried blocking certain ports and ranges, but the most effective is to amend your iptables rules to drop all outgoing TCP connections except, say, 21, 25, 80, 443, which would still allow your main internet protocols to work, but drop all others. This was pretty effective, but there are quite a few web-based messenger services such as www.e-messenger.net and so on, so then you start blocking sites through squid, squidguard or whatever and it keeps going on and on! Hope this helps a little though!
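
The egress allowlist described in post #2, written out as an added example that is not part of the original thread. It assumes eth0 faces the clients and eth1 is the masqueraded uplink, as in the script in post #1; the names IPT, LAN_IF, WAN_IF, ALLOWED_TCP, check_ports and egress_rules are made up here, and the script only prints the rules unless IPT is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: IPT="echo ..." only
# prints each rule. Set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo /sbin/iptables}"
LAN_IF="${LAN_IF:-eth0}"                   # client side, as in post #1
WAN_IF="${WAN_IF:-eth1}"                   # masqueraded side, as in post #1
ALLOWED_TCP="${ALLOWED_TCP:-21 25 80 443}" # ports named in post #2

# Reject anything that is not a port number before a single rule is emitted,
# so a typo cannot leave a half-built chain behind.
check_ports() {
    for port in $ALLOWED_TCP; do
        case "$port" in
            ''|*[!0-9]*) echo "not a port number: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
}

egress_rules() {
    check_ports || return 1
    # Replies for connections that were allowed out (state match, assumed
    # available in the running kernel).
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New outbound TCP connections only to the allowlisted ports.
    for port in $ALLOWED_TCP; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Everything else over TCP: log it so blocked clients show up in syslog,
    # then drop. Port 80 from clients never reaches FORWARD here because the
    # PREROUTING REDIRECT hands it to Squid locally.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -j LOG \
        --log-prefix "egress-drop: "
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -j DROP
}

egress_rules
```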
 
  

