----- Original Message -----
From: "Marvin Pascual" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 19, 2003 9:33 AM
Subject: Re: [plug] About Packet Filtering and Squid Proxy

> Yeah, it would be possible but afaik it needs to manually set IPTables
> rules for each MAC address in the squid.conf's ACL. But I don't want
> to do this because we have hundreds of users in Metro Manila area
> alone. I want something that will:
>
> [1] DROP ALL first
> [2] ACCEPT my workstation for TCP port 22 and 8080 only
> [3] ACCEPT all MAC addresses that are in my squid.conf's ACL for TCP
> port 8080 only
>
> Is there any solution for this problem?

yes there is...

> [1] DROP ALL first

be sure that the final gateway before going on the net is the one responsible for dropping the packets... so it's either your linux box or your router

> [2] ACCEPT my workstation for TCP port 22 and 8080 only

let the ip firewall handle this... since you are planning to drop all the packets, be sure also to allow udp port 53 (dns) if it is applicable to your needs

> [3] ACCEPT all MAC addresses that are in my squid.conf's ACL for TCP
> port 8080 only

let squid's acl handle this... but take note, filtering thru mac address is only good if the workstations are on the same subnet... you mentioned above that there are hundreds of users in metro manila... i assume that those users are on different subnets... therefore, filtering thru mac address is not applicable... you must filter this thru ip address plus added security by using login authentication thru squid...

fooler.

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
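
Added example, not part of the original message: one way to keep the packet filter and the proxy in step is to generate the default-DROP ruleset from the `src` ACLs already in squid.conf, leaving per-user control to Squid's login authentication. The workstation address, the ACL name `branch_offices`, the subnets and the helper path are constructed placeholders.

```sh
#!/bin/sh
# Added example: derive a default-DROP iptables-restore ruleset from the
# `src` ACLs of a squid.conf. All names and addresses are constructed.
ADMIN_IP="192.0.2.10"        # assumption: the administrator's workstation

# Constructed sample squid.conf: access by source IP plus proxy login.
sample_squid_conf() {
cat <<'EOF'
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
acl branch_offices src 10.10.1.0/24 10.10.2.0/24
acl branch_offices src 10.10.3.0/24
acl branch_offices src "/etc/squid/more_nets.txt"
acl authed proxy_auth REQUIRED
http_access allow branch_offices authed
http_access deny all
EOF
}

# Print the plain IPv4 addresses/networks of one `src` ACL (conf on stdin).
# File references, ranges and hostnames are skipped rather than passed on,
# so nothing unexpected from squid.conf reaches the firewall ruleset.
acl_sources() {
    awk -v name="$1" '$1 == "acl" && $2 == name && $3 == "src" {
        for (i = 4; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) print $i
    }'
}

# Emit the ruleset for ACL $1 (conf on stdin), in iptables-restore format.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"            # [1] DROP ALL first
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to the proxy's own traffic, including its DNS lookups (UDP 53).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # [2] the workstation: SSH and the proxy port only
    echo "-A INPUT -s $ADMIN_IP -p tcp -m multiport --dports 22,8080 -j ACCEPT"
    # [3] by source IP, not MAC: remote subnets arrive with the router's MAC
    acl_sources "$1" | while read -r net; do
        echo "-A INPUT -s $net -p tcp --dport 8080 -j ACCEPT"
    done
    echo "COMMIT"
}

# Review the output, then load it with: build_ruleset ... | iptables-restore
sample_squid_conf | build_ruleset branch_offices
```

The quoted file reference in the sample ACL is deliberately not expanded; only literal addresses and networks become firewall rules.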
