config squid so some IP can access internet, and others just the server?
I have a network in a block of flats with 55 computers, and a server which connects them to the Internet.
Some of us have Internet access, and others do not (depending on who pays for Internet access), according to the firewall rules (input and forward based on MAC and IP address). The server has Debian Linux 2.4.18, and squid, apache and mysql installed on it. All the computers which have access to the Internet pass through squid. I want to config squid so some IP or MAC can access the Internet, and others just the server (where there is a web page with information for my network), but not the Internet. How can I do this? |
Better to post a question rather than asking for a complete howto.
Read the squid FAQ, but in the squid FAQs search for acls deny_info (to display a custom page). |
Thank you for your suggestions.
I have read the howtos, and faqs. Here is my try: YesInternet represents the IP-s which I want to have unrestricted access to the Internet, NonInternet represents the IP-s which I want to have access JUST to the web page that the server provides (IP of the server is 192.168.9.1, on which runs Apache, php, mysql, and squid), and NOT to the Internet.

acl YesInternet src 192.168.9.2-192.168.9.11/32 192.168.9.14-192.168.9.24/32 192.168.9.27-192.168.9.28/32 192.168.9.30-192.168.9.31/32 192.168.9.35/32 192.168.9.46-192.168.9.50/32
acl NonInternet src 192.168.9.12-192.168.9.13/32 192.168.9.25-192.168.9.26/32 192.168.9.29/32 192.168.9.32-192.168.9.34/32 192.168.9.36-192.168.9.45/32 192.168.9.51-192.168.9.255/32
acl dstServerOnly dst 192.168.9.1
acl dstInternet dst 0.0.0.0/0
http_access YesInternet dstInternet
http_access NonInternet dstServerOnly
http_access deny all

Is this correct? Pls help |
I forgot something
Yes, I made at least one mistake in the http_access section; it should be the following:

http_access allow YesInternet dstInternet
http_access allow NonInternet dstServerOnly
http_access deny all

Two more questions:
- Is it correct to write all the IP-s in one line with single and interval style, like I did?
- Does the configuration have the same effect if I write the http_access rules in the following way:

http_access allow YesInternet dstInternet
http_access allow !YesInternet dstServerOnly
http_access deny all |
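An added example, not part of the original posts, that checks the last question above by modelling how Squid evaluates http_access: lines are tested top to bottom, the ACLs on a line are ANDed, and the first matching line decides. The Python model and the sample addresses 203.0.113.10 and 10.0.0.5 are constructed for illustration; the ACL ranges are the ones posted.

```python
import ipaddress

def parse_src(spec):
    """Turn Squid-style 'a-b/32' or 'a/32' entries into (low, high) integer ranges."""
    out = []
    for item in spec.split():
        lo, _, hi = item.split("/")[0].partition("-")  # a /32 mask leaves addresses as-is
        out.append((int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi or lo))))
    return out

def in_ranges(ip, ranges):
    n = int(ipaddress.IPv4Address(ip))
    return any(lo <= n <= hi for lo, hi in ranges)

YES = parse_src("192.168.9.2-192.168.9.11/32 192.168.9.14-192.168.9.24/32 "
                "192.168.9.27-192.168.9.28/32 192.168.9.30-192.168.9.31/32 "
                "192.168.9.35/32 192.168.9.46-192.168.9.50/32")
NON = parse_src("192.168.9.12-192.168.9.13/32 192.168.9.25-192.168.9.26/32 "
                "192.168.9.29/32 192.168.9.32-192.168.9.34/32 "
                "192.168.9.36-192.168.9.45/32 192.168.9.51-192.168.9.255/32")
SERVER = "192.168.9.1"

ACLS = {
    "YesInternet":   lambda src, dst: in_ranges(src, YES),
    "NonInternet":   lambda src, dst: in_ranges(src, NON),
    "dstServerOnly": lambda src, dst: dst == SERVER,
    "dstInternet":   lambda src, dst: True,   # dst 0.0.0.0/0 matches every destination
    "all":           lambda src, dst: True,
}
RULES_A = [("allow", "YesInternet", "dstInternet"),
           ("allow", "NonInternet", "dstServerOnly"), ("deny", "all")]
RULES_B = [("allow", "YesInternet", "dstInternet"),
           ("allow", "!YesInternet", "dstServerOnly"), ("deny", "all")]

def decide(rules, src, dst):
    """Return the action of the first line whose ACLs (with '!' negation) all match."""
    for action, *names in rules:
        if all(ACLS[n.lstrip("!")](src, dst) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both rule sets end with 'deny all'

def differences(sources, dsts):
    """List (src, dst, result_A, result_B) wherever the two rule sets disagree."""
    return [(s, d, decide(RULES_A, s, d), decide(RULES_B, s, d))
            for s in sources for d in dsts
            if decide(RULES_A, s, d) != decide(RULES_B, s, d)]

if __name__ == "__main__":
    srcs = [f"192.168.9.{i}" for i in range(256)] + ["10.0.0.5"]
    for row in differences(srcs, [SERVER, "203.0.113.10"]):
        print(row)
```

For every address listed in YesInternet or NonInternet the two rule sets agree. They differ only for sources in neither list, which the `!YesInternet` form allows through to the server page and the `NonInternet` form denies.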
A much better approach is to write each acl's IPs in files.
Like acl yahoo src "/usr/local/squid/acls/yahoo", and in the file write the IP addresses. Same thing for url_regexs or any other long acl. |
Thank you for your suggestions newpenguin !!! :)
But the config lines I wrote, they seem to do the job I want? :confused: |