LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-26-2008, 01:33 PM   #1
xzeppelin
LQ Newbie
 
Registered: May 2008
Posts: 3

Rep: Reputation: 0
Squid acl block internet by ip address


I am running Squid 2.5 caching proxy on Red Hat with 3 subnets 172.18.88.0/24, 172.18.89.0/24 and 172.18.90.0/24. I have set aside 10 ip addresses in each subnet (.100 to .109) and statically assigned these ip's to computers that I do not want to allow internet access. How do I configure appropriate acl's in squid.conf to achieve this? Thanks.
 
Old 05-27-2008, 08:59 AM   #2
sunethj
Member
 
Registered: Nov 2006
Posts: 97

Rep: Reputation: 16
check this. This article will help you to understand squid acls so that you'll be able to do more stuff with squid.
 
Old 05-27-2008, 09:54 AM   #3
xzeppelin
LQ Newbie
 
Registered: May 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for the help

That's a good straightforward article on the use of Squid. The example shows how to allow a subnet which I am already doing. Any thoughts on how I can allow the subnet except for 10 addresses. Do I add an access deny acl and specifically (and individually) identify the ip's I wish to block internet access to? Still learning.
 
Old 05-28-2008, 12:14 AM   #4
kirtimaan_bkn
Member
 
Registered: Aug 2004
Location: INDIA
Distribution: Various Distros
Posts: 203

Rep: Reputation: 31
Thanks for sharing this article.
 
Old 05-28-2008, 01:15 AM   #5
grizly
Member
 
Registered: Nov 2006
Location: Melbourne Australia
Distribution: Centos, RHEL, Debian, Ubuntu, Mint
Posts: 128

Rep: Reputation: 16
Quote:
acl network1 src 172.18.88.0/255.255.255.0
acl network2 src 172.18.89.0/255.255.255.0
acl network3 src 172.18.90.0/255.255.255.0
acl banned src 172.18.88.100-109
acl banned src 172.18.89.100-109
acl banned src 172.18.90.100-109

http_access deny banned
http_reply_access deny banned
http_access allow network1
http_access allow network2
http_access allow network3
http_reply_access allow all
As an example.. I'm not sure if the ranges work in IP's, but you can just add them to a file or individually.

Quote:
acl banned_machines src '/etc/squid/denied_machines.acl'
http_access deny banned_machines
http_reply_access deny banned_machines
The important part, is that you allow the subnet, then block the individual IP's.
 
Old 05-28-2008, 04:06 PM   #6
xzeppelin
LQ Newbie
 
Registered: May 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks Grizly

Concise and to the point. I appreciate your help. I will try this tonight.
 
  


Reply

Tags
squidconf


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
block internet if no squid proxy mrlinux2000 Linux - Software 14 02-26-2008 09:06 AM
by using iptables block mac address to restric user to access internet Farrukh Fida Linux - Networking 3 10-09-2006 08:59 AM
squid acl how to block all site except some mikmok Linux - Networking 1 12-22-2003 09:20 AM
SQUID:How can I block my LAN clients accessing Internet mwj Linux - Networking 1 10-27-2003 05:01 AM
Squid ACL dfctve_end_user Linux - Networking 2 01-13-2003 10:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration