Hi friends,
I would be very thankful if anyone can help me out here.
I have installed a Linux server with an iptables firewall, running mrtg
(:9191), webmin (:10000), apache (:80) and squid (:8080) (:port no.).
I have blocked access to all the ports on the server with iptables
except for my own workstation with IP 10.xx.xx.xx. But now when I open up
the port in iptables for squid (8080) to all the users, they are able to access
the other mrtg/apache/webmin webpages. I am sure the problem is with the squid
configuration, as iptables successfully blocked the access to these ports.
But now squid is somehow responsible for access of the other webpages to
other users.
Please help me out here. I have tried blocking the other ports through
squid ACL but it's not making any difference. My ACL configuration is as follows:
acl all src 0.0.0.0/0.0.0.0
acl test1 src 10.170.65.159/32
acl test2 src 10.170.65.104/32
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl server dst 10.170.66.150/255.255.255.255----->
acl FTP proto FTP
acl server1 dstdom_regex http://10.170.66.150: http://10.170.66.150---->
http_access allow localhost
http_access allow manager localhost
http_access allow test1
http_access allow test2
always_direct allow FTP
http_access deny manager !localhost
http_access deny !Safe_ports
http_access deny to_localhost
http_access deny CONNECT !SSL_ports
http_access deny test1 server-------->
http_access deny server--------------->
http_access deny server1-------------->
http_access deny all
(I have tried blocking access to the server IP/dst domain/dst port but there is no change;
all the users have access to my mrtg/webmin/apache webpages.)
_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
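
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so the position of a deny line decides whether it is ever reached. The sketch below is an added example, not part of the original post: it models that evaluation for the posted rule order (the manager and server1 lines are left out, and the sample requests, the client 10.170.65.200, the destination 192.0.2.10 and the REORDERED list are constructed for illustration).

```python
import ipaddress

def net(field, cidr):
    n = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r[field]) in n

def port(*ranges):
    return lambda r: any(lo <= r["port"] <= hi for lo, hi in ranges)

# ACL definitions copied from the posted squid.conf. Omitted: manager (matches only
# cache_object requests) and server1 (a deny placed after "deny server").
ACLS = {
    "all": net("src", "0.0.0.0/0"),
    "test1": net("src", "10.170.65.159/32"),
    "test2": net("src", "10.170.65.104/32"),
    "localhost": net("src", "127.0.0.1/32"),
    "to_localhost": net("dst", "127.0.0.0/8"),
    "server": net("dst", "10.170.66.150/32"),
    "SSL_ports": port((443, 443), (563, 563)),
    "Safe_ports": port((80, 80), (21, 21), (443, 443), (563, 563), (70, 70), (210, 210),
                       (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)),
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

# http_access lines in the order they were posted (rule numbers refer to this list).
POSTED = ["allow localhost", "allow test1", "allow test2", "deny !Safe_ports",
          "deny to_localhost", "deny CONNECT !SSL_ports", "deny test1 server",
          "deny server", "deny all"]
# Constructed alternative: the same lines with "deny server" moved above the allows.
REORDERED = [POSTED[0], "deny server"] + [r for r in POSTED[1:] if r != "deny server"]

def decide(rules, req):
    """Return (action, 1-based rule number) of the first http_access line that matches."""
    for n, line in enumerate(rules, 1):
        action, *names = line.split()
        # A line matches only if every ACL on it matches; "!" negates a single ACL.
        if all(ACLS[a.lstrip("!")](req) != a.startswith("!") for a in names):
            return action, n
    raise ValueError("no rule matched")

# Constructed sample requests.
WEBMIN_FROM_TEST1 = {"src": "10.170.65.159", "dst": "10.170.66.150", "port": 10000, "method": "GET"}
MRTG_FROM_OTHER = {"src": "10.170.65.200", "dst": "10.170.66.150", "port": 9191, "method": "GET"}
WEB_FROM_TEST1 = {"src": "10.170.65.159", "dst": "192.0.2.10", "port": 80, "method": "GET"}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for req in (WEBMIN_FROM_TEST1, MRTG_FROM_OTHER, WEB_FROM_TEST1):
            print(name, req["src"], "->", f'{req["dst"]}:{req["port"]}', decide(rules, req))
```

In the posted order the request from test1 to port 10000 is accepted by "allow test1" before any of the "deny ... server" lines is evaluated; port 10000 also falls inside the Safe_ports range 1025-65535, so "deny !Safe_ports" would not stop it either.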