LinuxQuestions.org


varange 12-08-2005 02:22 PM

How to allow only Squid to access the internet?
 
Hi

Our little office network consists of a DSL router, and one subnet with about 15 hosts.

One of the hosts is running Squid, and it all works fine with the browsers on the clients set to use Squid.

Of course, the users can simply choose to not use a proxy and can surf the internet directly. This is what I'm hoping to change.

What gets me is how to set up my DSL router to allow only the machine running Squid to request web pages. Or should I be looking at the switch for a solution?

I guess what I really need is someone to help me understand the mechanism of how to tackle the problem more than a HOWTO.

The router has a web interface. It allows me to block and allow traffic from and to certain machines based on which port the request is sent on. Sometimes it takes the value of 0.0.0.0 as the IP address. Would this mean that it allows all traffic on that port?

The router is a Dynalink RTA220.

Thanks

Finlay 12-08-2005 03:56 PM

Does your router allow you to block outgoing ports?
If so, you can block HTTP and HTTPS, and only allow it from the Squid box.

The other option, which may cause some routing issues, is to set your default gateway in the DHCP to use the Squid box.

varange 12-08-2005 10:28 PM

Yes it does allow blocking of outgoing ports.

What I can't figure out is how to disallow all port 80 packets, but allow it for one host.

Interesting idea with the gateway. Hmmmm.

angrybeaver 12-08-2005 11:23 PM

There's not much in the way of documentation for that router, but basically you want a blanket deny rule for 0.0.0.0 outbound on TCP/80 and an allow rule for your proxy server. If it came with a manual or .pdf on a CD-ROM etc., then it should detail how to do this...

varange 12-09-2005 01:00 AM

Indeed, the documentation, as always, is terrible. Thanks for taking the time, angrybeaver.

Like you said: I need two rules. I tried to firstly deny all traffic, and then allow for only the one machine. Grrr, no luck thus far.

Maybe I should give you access to the router, see if you can do something with it?

Finlay 12-09-2005 01:22 AM

Try reversing the order of rules: allow, then deny.

varange 12-09-2005 01:24 AM

OK, good idea. Thanks. I'll try on Monday :-)
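
The rule-ordering question from this thread, modelled as an added example (not posted by anyone in the thread and not the RTA220's actual logic): it evaluates the "deny 0.0.0.0 on TCP/80, allow the proxy" pair in both orders under first-match and last-match semantics, and lists which hosts still get out directly. Assumptions: the 192.168.1.x addresses are constructed, 0.0.0.0 is treated as "any host", and unmatched traffic is allowed because the clients can currently surf without the proxy.

```python
from ipaddress import ip_address

ANY = "0.0.0.0"          # assumption: the router treats this as "any host"
PROXY = "192.168.1.10"   # constructed address for the Squid box
CLIENT = "192.168.1.23"  # constructed address for an ordinary workstation

def evaluate(rules, src, dport, first_match=True, default="allow"):
    """Decide the fate of one outbound TCP connection from src to port dport.

    rules is an ordered list of (action, source, port). default="allow"
    mirrors the thread's starting point, where clients can surf directly.
    """
    src = ip_address(src)  # rejects malformed addresses early
    hits = [action for action, rule_src, rule_port in rules
            if rule_port == dport and rule_src in (ANY, str(src))]
    if not hits:
        return default
    return hits[0] if first_match else hits[-1]

def direct_access(rules, hosts, ports=(80, 443), first_match=True):
    """Return every (host, port) pair that still gets out to the internet."""
    return [(h, p) for h in hosts for p in ports
            if evaluate(rules, h, p, first_match) == "allow"]

DENY_FIRST = [("deny", ANY, 80), ("allow", PROXY, 80)]
ALLOW_FIRST = [("allow", PROXY, 80), ("deny", ANY, 80)]
# Same idea extended to HTTPS, which Finlay's first reply also mentions.
ALLOW_FIRST_BOTH = [("allow", PROXY, 80), ("allow", PROXY, 443),
                    ("deny", ANY, 80), ("deny", ANY, 443)]

if __name__ == "__main__":
    hosts = [PROXY, CLIENT]
    for name, rules in [("deny, allow", DENY_FIRST), ("allow, deny", ALLOW_FIRST),
                        ("allow, deny + 443", ALLOW_FIRST_BOTH)]:
        for fm in (True, False):
            mode = "first-match" if fm else "last-match"
            print(f"{name:18} {mode:11} {direct_access(rules, hosts, first_match=fm)}")
```

Testing a port 80 request from the Squid box and from a workstation against the real router, with each rule order, shows which of the two semantics it follows.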

