LinuxQuestions.org - config squid so some IP can access internet, and others just the server?

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - config squid so some IP can access internet, and others just the server? (https://www.linuxquestions.org/questions/linux-networking-3/config-squid-so-some-ip-can-access-internet-and-others-just-the-server-207098/)

4mix	07-19-2004 04:08 PM

config squid so some IP can access internet, and others just the server?

I have a network in a block of flats with 55 computers, ant a server which connects them to the Internet.

Some of us have Inernet access, and others not (depends of which pays the Interent access), according to the firewall rules (input and forward based on mac and ip address)

The server has Debian Linux 2.4.18, and squid, apache and mysql installed on it.

All the computers which have access to the internet, pass through squid.

I want to config squid so some IP or mac can access internet, and others just the server (where is a web page with information for my network), but not the internet.

How can I do this?

newpenguin

07-19-2004 06:09 PM

better to post a question rather than asking for a complete howto.
read the squid faq.

but in squid faqs search for

acls
deny_info (to display a custom page)

4mix	07-20-2004 09:07 AM

Thank you for your suggestions.

I have read the howtos, and faqs.

Here is my try:

YesInternet represents the IP-s which I want to have unrestricted access to the Internet,
NonInternet represents the IP-s which I want to have access JUST to the web page that the server provides (IP of the server is 192.168.9.1, on which runs Apache, php, mysql, and squid), and NOT to the Internet.

acl YesInternet src 192.168.9.2-192.168.9.11/32 192.168.9.14-192.168.9.24/32 192.168.9.27-192.168.9.28/32 192.168.9.30-192.168.9.31/32 192.168.9.35/32 192.168.9.46-192.168.9.50/32
acl NonInternet src 192.168.9.12-192.168.9.13/32 192.168.9.25-192.168.9.26/32 192.168.9.29/32 192.168.9.32-192.168.9.34/32 192.168.9.36-192.168.9.45/32 192.168.9.51-192.168.9.255/32
acl dstServerOnly dst 192.168.9.1
acl dstInternet dst 0.0.0.0/0

http_access YesInternet dstInternet
http_access NonInternet dstServerOnly
http_access deny all

Is this correct?

Pls help

4mix	07-20-2004 09:53 AM

I forgot something

Yes I did at least one mistake in http_access section, it should be the following:

http_access allow YesInternet dstInternet
http_access allow NonInternet dstServerOnly
http_access deny all

,

Two more questions:
- It is correct to write all the IP-s in one line with single and interval style, like I did?
- the configuration has the same effect if I write the http_access rules in the following way:

http_access allow YesInternet dstInternet
http_access allow !YesInternet dstServerOnly
http_access deny all

newpenguin

07-20-2004 03:33 PM

a very better approch is to write every acl ips in files.

like

acl yahoo src "/usr/local/squid/acls/yahoo"

and in file write ip addresses. same thing for url_regexs or any other long acl.

4mix	07-20-2004 05:08 PM

Thank you for your suggestions newpenguin !!! :)

But the config lines I wrote, they seem to do the job I want?
:confused:

All times are GMT -5. The time now is 09:36 PM.