Hey again Jake,

P.S. same front note as prev. message ! <g>

1) iptables I don't know that well but what I do know is IPCHAINS

    ipchains -A output -i out_iface -p tcp any/0 out_ip any/0 80

(policy is deny <g>)

Basically what this tells the firewall is to only allow port 80 conns. on the outgoing interface if they are from the outgoing interface's IP. Block everything on the private interface except port 8080, 3128 (squid) and maybe port 53 (dns) and port 25 (smtp) and port 110 (pop) and *maybe* <breath> port 143 (IMAP). Don't allow NAT/MASQ cause I believe *everything* _*has*_ to pass through the firewall.

2) The easy way - Install Webmin ( http://www.webmin.com/webmin/ ) <g>

The hard way - Make an ACL (access control list) for all the users you want to deny/control/whatever

    e.g. acl my-denied-list src 192.168.0.0/24
    or
    e.g. acl denied-user145 src 192.168.0.145/32
    etc.

Now for the time thing it is something like

    e.g. acl time time 07:00-18:00 (this will cover all the days)

Off the top of my head I think it is something like

    e.g. http_access allow time my-denied-list

(I *think* the acl's get exec. in order of left to right)

3) I did this before but I had to compile my own squid from source. I think that it will then auth. your users from the SMB machine.

Give it a try and let me know.... !

Cheers,
Pieter

-----Original Message-----
From: Jake Colman [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 24, 2001 4:43 PM
To: RedHat List
Subject: Squid Questions

I'd like to run squid under RH 7.2. The primary purpose is to force all web access through squid so that I can use squid's proxy authorization and the squid access.log to track where my users have gone on the web.

Some questions:

1) Using iptables, how can I disable outgoing access to port 80? This is necessary to ensure that the browser is configured to use the proxy port at 3128. Otherwise, they can bypass squid and I'd never know.

2) Is there a way to disable all squid access, on a per user or machine basis, during certain hours?

3) Rather than maintain a separate user/password file for squid, is there a way to have it simply use the unix user/password? Or, better yet, since I also have a samba server, automatically have it authenticate using the same user/password? Even better, have this authentication happen automatically so that they never even enter a user/password for squid at all?

--
Jake Colman

Principia Partners LLC                  Phone: (201) 946-0300
Harborside Financial Center             Fax: (201) 946-0320
902 Plaza Two                           E-mail: [EMAIL PROTECTED]
Jersey City, NJ 07311                   www.principiapartners.com
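
Added example, not part of either message: a small Python model of how Squid evaluates `http_access` for question 2, run against a constructed `squid.conf` fragment. The ACL names `lan` and `blocked_hours` are hypothetical, the addresses and hours follow the thread's examples, and only `src` and `time` ACLs are modelled.

```python
import ipaddress
from datetime import datetime

# Constructed squid.conf fragment (addresses and hours follow the thread's examples).
SQUID_CONF = """
acl lan src 192.168.0.0/24
acl denied-user145 src 192.168.0.145/32
acl blocked_hours time MTWHF 07:00-18:00
http_access deny denied-user145 blocked_hours
http_access allow lan
"""

DAYS = "MTWHFAS"  # Squid day letters, indexed by datetime.weekday() (Monday = 0)

def parse(conf):
    """Return (acls, rules) from the acl and http_access lines of a config."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        if words[0] == "acl":
            acls[words[1]] = (words[2], words[3:])
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(acl, client_ip, when):
    """Evaluate one ACL against the client address and request time."""
    kind, args = acl
    if kind == "src":
        return any(ipaddress.ip_address(client_ip) in ipaddress.ip_network(a) for a in args)
    if kind == "time":
        # Either "DAYS HH:MM-HH:MM" or just "HH:MM-HH:MM" (every day).
        days, span = args if len(args) == 2 else (DAYS, args[0])
        start, stop = span.split("-")
        return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= stop
    raise ValueError("ACL type not modelled: " + kind)

def http_access(conf, client_ip, when):
    """First rule whose ACLs ALL match decides; otherwise the opposite of the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], client_ip, when) != n.startswith("!") for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Rules are checked top to bottom, and the ACLs on a single `http_access` line are ANDed, so the time-limited deny has to appear before the general allow for the LAN.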