
shamza 07-08-2005 04:13 AM

squid management with IPtables

I am using RedHat Linux A.S 2.1 with squid-2.4.STABLE6-1.7.2 and IPTABLES for a transparent proxy. I want to manage my proxy: I want to allow limited downloads to my clients, like a maximum of 1MB in business hours, with downloads of more than 1MB allowed after business hours, and I also want to block messenger. My squid ACLs are below:

http_access allow SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ncsa_users
http_access allow supper_access
http_access deny deny_domain
http_access allow neta
http_access allow localhost
http_access deny all

My iptables script is below:

# clear any existing NAT rules before adding ours
iptables -t nat --flush
# send client HTTP (port 80) arriving on the LAN interface to squid on 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# masquerade everything leaving on the internet-facing interface
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# enable IPv4 forwarding so the box routes for the LAN
echo 1 > /proc/sys/net/ipv4/ip_forward

In this scenario, how can I restrict my clients' downloads and messenger???
Can anyone help me?
Thanks in advance.
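
The 1MB-in-business-hours policy asked about above can at least be audited from Squid's own access.log; here is example code added to this thread (not from any poster) that parses native-format access.log lines and flags business-hour responses over the cap. It assumes the default native log format, a Mon-Fri 09:00-17:00 window evaluated in UTC, and the sample log lines are constructed, not real.

```python
"""Audit a Squid native access.log for business-hour downloads over a size cap.

Example added to this thread, not a poster's code. Assumes Squid's default
native log format (timestamp elapsed client action/code size method url ...),
business hours Mon-Fri 09:00-17:00 evaluated in UTC, and a 1MB cap."""
from datetime import datetime, timezone

BUSINESS_DAYS = range(0, 5)            # Monday..Friday per datetime.weekday()
BUSINESS_START, BUSINESS_END = 9, 17   # 09:00 <= hour < 17:00
MAX_BUSINESS_BYTES = 1 * 1024 * 1024   # 1MB cap from the original question

# Constructed sample log lines (not from a real proxy). Timestamps are UTC:
# line 1 = Fri 2005-07-08 10:00, line 3 = Fri 20:00, line 4 = Sat 10:00.
SAMPLE_LOG = """\
1120816800.123    245 192.168.1.10 TCP_MISS/200 2097152 GET http://example.com/big.iso - DIRECT/192.0.2.5 application/octet-stream
1120816812.456     30 192.168.1.11 TCP_HIT/200 51200 GET http://example.com/page.html - NONE/- text/html
1120852800.789    900 192.168.1.10 TCP_MISS/200 4194304 GET http://example.com/evening.zip - DIRECT/192.0.2.5 application/zip
1120903200.001    600 192.168.1.12 TCP_MISS/200 3145728 GET http://example.com/saturday.tgz - DIRECT/192.0.2.5 application/x-gzip
"""

def parse_line(line):
    """Return (timestamp, client, action/code, size, method, url) for one line."""
    fields = line.split()
    if len(fields) < 7:
        raise ValueError("malformed access.log line: %r" % line)
    ts = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
    return ts, fields[2], fields[3], int(fields[4]), fields[5], fields[6]

def in_business_hours(ts):
    """True if ts falls on a business day inside the business-hour window."""
    return ts.weekday() in BUSINESS_DAYS and BUSINESS_START <= ts.hour < BUSINESS_END

def find_violations(lines, cap=MAX_BUSINESS_BYTES):
    """Return [(client, size, url)] for business-hour responses larger than cap."""
    violations = []
    for line in lines:
        if not line.strip():
            continue
        ts, client, _status, size, _method, url = parse_line(line)
        if in_business_hours(ts) and size > cap:
            violations.append((client, size, url))
    return violations

if __name__ == "__main__":
    for client, size, url in find_violations(SAMPLE_LOG.splitlines()):
        print("%s pulled %d bytes in business hours: %s" % (client, size, url))
```

Point it at a real access.log (for example by passing open(path) to find_violations) to see which clients the policy would have stopped before tightening the proxy itself.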


fouldsy 07-08-2005 03:13 PM

Not sure whether there is a way to have Squid limit the available bandwidth for downloads during certain times of the day.
As for blocking MSN, it uses multiple different ports to access servers - I tried blocking certain ports and ranges, but the most effective is to amend your iptables rules to drop all outgoing TCP connections except, say, 21, 25, 80 and 443, which would still allow your main internet protocols to work, but drop all others. This was pretty effective, but there are quite a few web-based messenger services such as and so on, so then you start blocking sites through squid, squidguard or whatever and it keeps going on and on! Hope this helps a little though!
