Hi Abhijeet,

I am responding in regard to your first query only. These might be some added steps for defining the ACLs in Squid for allowing your clients. I hope I do not make your query more complicated. If so, please discard this message.
Such as defining your subnet inside the file squid.conf:

##
acl MyLan src 192.168.0.0/24
http_access allow MyLan
# And finally deny all other access to this proxy
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
http_access allow localhost
http_access deny all
### Assuming that your client machines' IPs are 192.168.0.2, 192.168.0.3 ... up to 192.168.0.254
### putting the server IP as 192.168.0.1
## you might replace the IPs according to your needs
# In this way you might allow your client IPs and disallow other IPs.

*Also you might be interested in these ports too:*

#acl Safe_ports port 5000 # Yahoo messenger Chat
# Yahoo Tcp chat : 5000 Yahoo Tcp chat :5100
# Yahoo Tcp phone : 5055 Yahoo 5100 webcam
acl Safe_ports port 2100-2200 # for Dap
acl Safe_ports port 21400-21500 # for windows messenger UDP :21486
acl Safe_ports port 59600-59700 # for windows messenger TCP : 59619
acl Safe_ports port 5000-5200 # For Yahoo messenger
acl Safe_ports port 8996 # For windows messenger
acl Safe_ports port 6660-6669 # For Mirc client
acl Safe_ports port 6891-6901 # For winsock
#see support.microsoft.com/kb/q278887/ - Rajesh
#see faqs on www.dlink.com for ports - Rajesh
################################################################
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 554 # for Real player
acl Safe_ports port 6770-7170 # For Real Player UDP
# and finally
http_access deny !Safe_ports # blocking the unsafe ports :)
# but depends upon your clients. Some clients might want all the ports to be open.
# So you should know whether you should block the ports or not.

On 11/27/07, Abhijeet <[EMAIL PROTECTED]> wrote:
>
> Hello Everyone,
> This is Abhijeet. I had recently configured a proxy server
> in quite a hurry, so couldn't complete the ACL for security;
> now there are people trying to open ssh sessions from Class A IPs. I
> think they are hosting their ftp sites or webpages there, and our
> proxy isn't serving the LAN http requests. Can anyone come up with the
> configuration to be implemented in the squid.conf file? I had used
> http access allow to internal LAN and deny to rest.
>
> Also one of the Linux PC mount points was wrongly mounted, because of
> which it isn't restarting and is giving the error message from the
> /etc/fstab. The repair mode is in # mode and isn't allowing the VIM text
> editor to edit the /etc/fstab file to restart it. I have important
> files there, so can't format or repartition it. Are there any other
> ways to restore the computer files and take out the mount point
> from the fstab file? Need help pretty quickly.
>
> Thanks
> Abhijeet Maskey

--
Rajesh

FOSS Nepal mailing list: http://groups.google.com/group/foss-nepal
Community website: http://www.fossnepal.org/
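Added example, not part of the original mail and not Squid's own code: Squid checks http_access lines from top to bottom and applies the first one that matches, so the position of "http_access deny !Safe_ports" relative to "http_access allow MyLan" decides whether LAN clients are port-filtered at all. The small evaluator below handles only the src and port ACL types used in the mail; the two configs are constructed, and port 80 in Safe_ports is an assumed entry.

```python
import ipaddress
# Constructed configs; port 80 is an assumed Safe_ports entry, the rest is from the mail.
ACLS = """
acl MyLan src 192.168.0.0/24
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80
acl Safe_ports port 5000-5200   # For Yahoo messenger
"""
ALLOW_FIRST = ACLS + """
http_access allow MyLan
http_access deny all
http_access deny !Safe_ports
"""
PORT_CHECK_FIRST = ACLS + """
http_access deny !Safe_ports
http_access allow MyLan
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src|port VALUE...' and 'http_access ACTION ACL...' lines."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "port"):
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, port):
    """An ACL matches when any one of its values matches the request."""
    for kind, value in acls[name]:
        if kind == "src":
            if ipaddress.ip_address(src) in ipaddress.ip_network(value, strict=False):
                return True
        else:  # "port": a single port or a lo-hi range
            lo, _, hi = value.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def decide(conf, src, port):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), src, port) != n.startswith("!") for n in names):
            return action
    return "deny"  # simplification: both sample configs end in 'deny all'
```

For a LAN client asking for port 25, decide(ALLOW_FIRST, "192.168.0.5", 25) returns "allow" because the MyLan rule matches before the port check is reached, while decide(PORT_CHECK_FIRST, "192.168.0.5", 25) returns "deny".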
