Squid restrictions and discriminating iptables rulesets
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am downed with the task of giving a group of employees where I work restrictions to certain sites during working hours. Now here come my questions:
1. How can I put down my "http_access" rules, having in mind that I need to restrict a certain range of IPs from accessing certain sites during working hours using squid? Consider the scenario below:
Code:
acl RECEPTIONISTS src 192.168.0.20-192.168.0.30
acl WORK_HOURS time M T W H F 8:30-16:00
acl BAD_DOMAINS dstdom_regex -i "/etc/squid/bad_domains"
2. How can I configure an iptables ruleset such that this range of IPs can't forward their requests directly to the gateway?
My problem is working with a range of IP addresses.
Last edited by win32sux; 07-22-2008 at 06:12 AM.
Reason: Changed QUOTE tags to CODE tags.
Assuming you mean through the gateway, here's an example:
What do I need to do to make the proxy server intercepting (or transparent)?
Two things. First, you need to tell Squid you want it to run in transparent mode. How you do that depends on the version you have (let us know). Second, you need an iptables rule which redirects (to Squid) HTTP traffic which was meant to be NATed - something like:
Then all you need to do is find the http_port line in your squid.conf and add "transparent" to it. Like, for example:
Code:
http_port 3128 transparent
PS: Please use CODE tags instead of QUOTE tags when posting output and stuff like that. It makes things display better and it makes it a lot easier to quote the relevant parts of your post when replying to it.
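Putting both answers together, here is an added example (not from the thread and not win32sux's code) that generates the squid.conf http_access ordering for the ACLs in the question and the matching iptables rules for the address range; it assumes Squid runs on the gateway itself, listens on port 3128 and the LAN is on eth0, and it uses the iptables iprange match for the non-CIDR range.

```shell
#!/bin/sh
# Added example for the thread above, not code from the original post.
# Assumptions: Squid runs on the gateway, listens on 3128, LAN is on eth0.
RANGE="192.168.0.20-192.168.0.30"
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# http_access is evaluated top to bottom and all ACLs on one line are ANDed,
# so the deny must come before any broad allow or it never matches.
squid_access_rules() {
    cat <<EOF
acl RECEPTIONISTS src $RANGE
acl WORK_HOURS time M T W H F 8:30-16:00
acl BAD_DOMAINS dstdom_regex -i "/etc/squid/bad_domains"
http_access deny RECEPTIONISTS WORK_HOURS BAD_DOMAINS
http_access allow RECEPTIONISTS
EOF
}

# Gateway rules for the range: redirect port-80 traffic arriving on the LAN
# interface to Squid (transparent mode), and drop anything from the range
# that would otherwise be forwarded straight out on port 80. Redirected
# packets go to INPUT, so the FORWARD drop only bites if the redirect is
# missing (e.g. a second interface); other ports keep the existing policy.
iptables_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -m iprange --src-range $RANGE -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -A FORWARD -i $LAN_IF -m iprange --src-range $RANGE -p tcp --dport 80 -j DROP
EOF
}

# Count the lines a generator emits that match a pattern (sanity checks).
count_matching() {
    "$1" | grep -c -- "$2"
}

case "${1:-}" in
    --apply) iptables_rules | sh ;;    # needs root
    --squid) squid_access_rules ;;
    *)       echo "# squid.conf fragment:"; squid_access_rules
             echo "# iptables commands:"; iptables_rules ;;
esac
```

Run it with --apply as root to load the iptables rules; the default just prints both fragments. On Squid 3.1 and later the http_port option is spelled intercept rather than transparent.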