dupa ----- Original Message -----=20 From: "Appended" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, January 25, 2005 1:45 PM Subject: [rlug] Re: firewall
> http_access deny all=20 > se pune inainte sau dupa=20 > http_access allow noi ?=20 >=20 >=20 > On Tue, 25 Jan 2005 12:40:37 +0200, lonely wolf <[EMAIL PROTECTED]> = wrote: > > Appended wrote: > >=20 > > >Salut, > > > > > >Am un proxy trasparent (box-ul acela este si router) care se = comporta > > >ok pentru toti clientii. In fisierul de configurare, am creat > > >ACL-urile care permite acces la cache doar pentru cei din retea > > >(82.79.155.128/26). Cand am creat proxy transparent, am pus regula: > > > > > >iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT > > >--to-port 3128 > > > > > > > > > > > >Ceea ce ma deranjeaza este ca cei din afara retelei = (82.79.155.128/26) > > >au acces la portul 3128. Doresc sa fac DROP la toti acestia. Am > > >incercat cu o regula, insa aceasta face drop si la cei din retea = mea > > >(82.79.155.128/26). > > > > > > > > iptables -A INPUT -p tcp -s 82.79.155.128/26 --dport 3128 -j ACCEPT > > iptables -A INPUT -p tcp --dport 3128 -j DROP > >=20 > > in squid ai putea pune ceva de genul > >=20 > > acl src noi 82.79.155.128/26 > > http_access allow noi > >=20 > > ps; ai grija cum faci si redirectul. eu unul as fi pus: > >=20 > > iptables -t nat -A PREROUTING -i eth1 -p tcp -s 82.79.155.128/26 = --dport 80 -j REDIRECT > > --to-port 3128 > >=20 > > -- > > Cine a zis ca sexul este un raspuns? Sexul este o intrebare. "Da" = este raspunsul. (Woody Allen) > >=20 > >=20 > > --- > > Detalii despre listele noastre de mail: http://www.lug.ro/ > >=20 > > >=20 > ---=20 > Detalii despre listele noastre de mail: http://www.lug.ro/ >=20 >=20 > .......................................................................... Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible fordelivery of the message to such person), you may not copy or deliver this message to anyone. In such a case, you should destroy this message and kindly notify the sender by reply e-mail. --- Detalii despre listele noastre de mail: http://www.lug.ro/
