LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-16-2009, 09:12 AM   #1
borganve
LQ Newbie
 
Registered: Mar 2008
Posts: 8

Rep: Reputation: 0
Squid proxy allow/deny set of clients


Hello, i am using linux server with lenny and squid proxy server installed, i configured 2 NICs with the server and packets well forwarding to my clients. Now the questions

1) I want to allow certain clients(by IP) to access internet and disallow to others how to do this in Server with squid.conf file. this setting is done only in server or some settings with clients also?, I guess clients browser should be configured to access web through proxy while doing same it was asking Address and port, so which ip and port i have to give.

2) I am using webmin as web based front end for administration, in which section i have to do this please reply me.

Thanks in advance
Shital
 
Old 07-16-2009, 09:22 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by borganve View Post
Hello, i am using linux server with lenny and squid proxy server installed, i configured 2 NICs with the server and packets well forwarding to my clients. Now the questions

1) I want to allow certain clients(by IP) to access internet and disallow to others how to do this in Server with squid.conf file. this setting is done only in server or some settings with clients also?, I guess clients browser should be configured to access web through proxy while doing same it was asking Address and port, so which ip and port i have to give.

2) I am using webmin as web based front end for administration, in which section i have to do this please reply me.
You just need to create some ACLs for the IPs you want to allow, then deny access to all requests not matching that ACL. Here's a simple example of how it's done:
Code:
acl nice_guys src 192.168.1.104-192.168.1.157
http_access allow nice_guys
http_access deny all
The Squid which comes with Lenny will listen on port 3128 by default (as most do), so you'd need to tell your clients to use that port on Squid's IP. I don't know how any of this is done through Webmin, but it's really just a matter of adding a couple lines to squid.conf so it shouldn't be a big deal for you to do it directly. Just make sure to create proper backups, etc.

Also, keep in mind that unless you have physical control over the network, as well as administrative control over the hosts, it's easy for someone to assign themselves an IP on your allowed ACL, thereby gaining unauthorized access through Squid.

Last edited by win32sux; 07-16-2009 at 09:30 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to access internet on linux clients By our Squid Proxy server farrukhndm Linux - Server 2 03-07-2009 07:22 AM
squid! not able to route clients through proxy haxpak Linux - Server 2 01-07-2009 08:42 AM
Squid proxy server--- Please set 'visible_hostname' 50197433 Linux - Software 2 06-10-2006 12:36 AM
Citrix Clients Behind Squid Proxy jamminblue Linux - Networking 0 02-16-2005 11:03 AM
Has anyone set up a transparent proxy with Squid 3.0 yet? Problems.. Pcghost Linux - Networking 0 10-23-2004 03:31 PM


All times are GMT -5. The time now is 02:59 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration