12-08-2005, 02:22 PM
|
#1
|
LQ Newbie
Registered: Oct 2005
Posts: 12
Rep:
|
How to allow only Squid to access the internet?
Hi
Our little office network consists of a DSL router, and one subnet with about 15 hosts.
One of the hosts is running Squid, and it all works fine with the browsers on the clients set to use Squid.
Of course, the users can simply choose to not use a proxy and can surf the internet directly. This is what I'm hoping to change.
What gets me is how to set up my DSL router to allow only the machine running Squid to request web pages. Or should I be looking at the switch for a solution?
I guess what I really need is someone to help me understand the mechanism of how to tackle the problem more than a HOWTO.
The router has a web interface. It allows me to block and allow traffic from and to certain machines based on which port the request is sent on. Sometimes it takes the value of 0.0.0.0 as the IP address. Would this mean that it allows all traffic on that port?
The router is a Dynalink RTA220.
Thanks
|
|
|
12-08-2005, 03:56 PM
|
#2
|
Senior Member
Registered: Mar 2003
Location: Seattle
Distribution: Slackware ?-14.1
Posts: 1,029
Rep:
|
Does your router allow you to block outgoing ports?
If so, you can block HTTP and HTTPS, and only allow them from the Squid box.
The other option, which may cause some routing issues, is to set your default gateway in the DHCP to use the Squid box.
|
|
|
12-08-2005, 10:28 PM
|
#3
|
LQ Newbie
Registered: Oct 2005
Posts: 12
Original Poster
Rep:
|
Yes it does allow blocking of outgoing ports.
What I can't figure out is how to disallow all port 80 packets, but allow it for one host.
Interesting idea with the gateway. Hmmmm.
|
|
|
12-08-2005, 11:23 PM
|
#4
|
Member
Registered: Aug 2004
Location: .au
Distribution: debian, BSD
Posts: 104
Rep:
|
There's not much in the way of documentation for that router, but basically you want a blanket deny rule for 0.0.0.0 outbound on TCP/80 and an allow rule for your proxy server. If it came with a manual or .pdf on a CD-ROM etc., then it should detail how to do this...
|
|
|
12-09-2005, 01:00 AM
|
#5
|
LQ Newbie
Registered: Oct 2005
Posts: 12
Original Poster
Rep:
|
Indeed, the documentation, as always, is terrible. Thanks for taking the time, angrybeaver.
Like you said: I need two rules. I tried to firstly deny all traffic, and then allow for only the one machine. Grrr, no luck thus far.
Maybe I should give you access to the router, see if you can do something with it?
|
|
|
12-09-2005, 01:22 AM
|
#6
|
Senior Member
Registered: Mar 2003
Location: Seattle
Distribution: Slackware ?-14.1
Posts: 1,029
Rep:
|
Try reversing the order of the rules: allow, then deny.
|
|
|
12-09-2005, 01:24 AM
|
#7
|
LQ Newbie
Registered: Oct 2005
Posts: 12
Original Poster
Rep:
|
OK, good idea. Thanks. I'll try on Monday :-)
|
|
|
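Why the rule order suggested in the thread matters, as an added example that is not part of any post above: a small first-match filter model that compares "deny all, then allow the proxy" with "allow the proxy, then deny all" and flags rules that can never fire. It assumes the router evaluates rules top-down, stops at the first match, passes unmatched traffic, and treats 0.0.0.0 as "any source"; the thread does not confirm how the RTA220 behaves, and the addresses are constructed.

```python
import ipaddress

ANY = "0.0.0.0"          # assumed wildcard source, as used in the thread
PROXY = "192.168.1.10"   # constructed address for the Squid host
CLIENT = "192.168.1.23"  # constructed address for an ordinary client

def covers(outer, inner):
    """True if source spec `outer` includes every address in `inner`."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def rule(action, src, dport):
    return {"action": action, "src": src, "dport": dport}

def evaluate(rules, src, dport, default="allow"):
    """First-match evaluation: the first rule covering the packet decides."""
    for r in rules:
        if r["dport"] == dport and covers(r["src"], src):
            return r["action"]
    return default  # assumption: traffic matching no rule is passed

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(e["dport"] == r["dport"] and covers(e["src"], r["src"])
                   for e in rules[:j])]

# Order tried in post #5: blanket deny first, port 80 only.
DENY_FIRST = [rule("deny", ANY, 80), rule("allow", PROXY, 80)]

# Order suggested in post #6, extended to HTTPS as post #2 recommends.
ALLOW_FIRST = ([rule("allow", PROXY, p) for p in (80, 443)] +
               [rule("deny", ANY, p) for p in (80, 443)])

if __name__ == "__main__":
    for name, rules in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, "- shadowed rule indexes:", shadowed(rules))
        for host in (PROXY, CLIENT):
            print("  ", host, {p: evaluate(rules, host, p) for p in (80, 443)})
```

With the deny-first list the proxy's allow rule is shadowed and clients can still reach port 443 directly, so a port-80-only block leaves HTTPS as a way around Squid.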
All times are GMT -5.