Hi Agnello,
You can block the gmail site in two ways:
1.) With the FW
2.) With the Squid Proxy
But in your case it would be a better idea to block the gmail site with squid
acls. In that way you do not have to worry about port 443.
Also from the config given seems you are jus using the FW primarily as a port
forwarder.
Regards
Bijendra Arora
Agnello George <[EMAIL PROTECTED]> wrote:
HI
I have Linux server ( Cent OS ) that runs a firewall and squid ( which is
behind the fire wall ) . bellow is my iptable file
# Generated by iptables-save v1.3.5 on Thu Feb 7 02:43:43 2008
*nat
:PREROUTING ACCEPT [5233:333834]
:POSTROUTING ACCEPT [5:1836]
:OUTPUT ACCEPT [1150:71993]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p udp -m udp --dport 22 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Feb 7 02:43:43 2008
# Generated by iptables-save v1.3.5 on Thu Feb 7 02:43:43 2008
*filter
:INPUT ACCEPT [68521:21158845]
:FORWARD ACCEPT [36355:23402728]
:OUTPUT ACCEPT [93843:100437897]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Thu Feb 7 02:43:43 2008
I redirect all request that comes for port 80 to 3128 ( squid machine ) ....
and there with the squid i have blocked few sites.
But i want to block gmail ( but i am not allowed to block port 443... which
gmail works on )
so my question here is how do i block gmail with out blocking port 443 ?
(sorry for binging this issue up again !! but i have not really not found a
permanent solution )
Thanks ! for all the help !!!
--
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
[Non-text portions of this message have been removed]
---------------------------------
Never miss a thing. Make Yahoo your homepage.
[Non-text portions of this message have been removed]
