Old 07-08-2005, 04:13 AM   #1
LQ Newbie
Registered: Jul 2005
Location: PAKISTAN
Posts: 3

Rep: Reputation: 0
squid management with IPtables


I am using RedHat Linux A.S 2.1 with squid-2.4.STABLE6-1.7.2 and IPTABLES for a transparent proxy. I want to manage my proxy: I want to allow limited downloads to my client, like a maximum of 1MB in business hours, with downloads of more than 1MB allowed after business hours, and I also want to block messenger. My squid ACLs are below:

http_access allow SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ncsa_users
http_access allow supper_access
http_access deny deny_domain
http_access allow neta
http_access allow localhost
http_access deny all

My iptables script is below:

iptables --flush -t nat
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

In this scenario, how can I restrict my client for downloads and messenger?
Can anyone help me?
Thanks in advance

Old 07-08-2005, 03:13 PM   #2
Senior Member
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
Not sure whether there is a way to have Squid limit the available bandwidth for downloads during certain times of the day.
As for blocking MSN, it uses multiple different ports to access servers. I tried blocking certain ports and ranges, but the most effective is to amend your iptables rules to drop all outgoing TCP connections except, say, 21, 25, 80, 443, which would still allow your main internet protocols to work but drop all others. This was pretty effective, but there are quite a few web-based messenger services such as and so on, so then you start blocking sites through squid, squidguard or whatever, and it keeps going on and on! Hope this helps a little though!
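
The allowlist approach from reply #2, written out as an added example that is not part of the original thread: a script that validates the port list and prints (or, as root, applies) FORWARD rules that drop all forwarded client TCP except the listed ports. The interface roles (eth0 = LAN, eth1 = Internet) are taken from the poster's script; the function names, the state matching and the rate-limited LOG rule are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny for forwarded client TCP.
# Assumed from the poster's script: eth0 faces the LAN, eth1 faces the Internet.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
ALLOWED_TCP="${ALLOWED_TCP:-21,25,80,443}"   # the ports named in reply #2

# Accept only a comma-separated list of 1..65535, at most 15 (multiport's limit).
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    n=0
    for p in $(echo "$1" | tr ',' ' '); do
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] 2>/dev/null || return 1
        n=$((n + 1))
    done
    [ "$n" -le 15 ]
}

# Print the rule set. Order matters: replies to allowed flows first, then new
# connections to allowlisted ports, then log (rate-limited) and drop the rest.
# Port 80 from clients is already REDIRECTed to Squid in PREROUTING, so it
# arrives on INPUT; listing it here only matters if that redirect is removed.
# FTP data channels pass as RELATED only when the FTP conntrack helper is loaded.
egress_rules() {
    for i in "$LAN_IF" "$WAN_IF"; do
        case "$i" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    valid_ports "$ALLOWED_TCP" || { echo "bad port list: $ALLOWED_TCP" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports $ALLOWED_TCP -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m limit --limit 6/min -j LOG --log-prefix "egress-drop: "
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -j DROP
EOF
}

# Dry run by default; "apply" (as root) loads the printed rules.
rules=$(egress_rules) || exit 1
if [ "${1:-print}" = "apply" ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

The "egress-drop: " lines in the kernel log show which clients are still trying blocked ports, which helps when deciding what else to filter at the proxy.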



All times are GMT -5.
