All of lore.kernel.org
 help / color / mirror / Atom feed
* Blocking Squid Requests
@ 2003-05-07 12:05 Walter Priesnitz Filho
  2003-05-07 19:27 ` xchris
  2003-05-09  4:13 ` Dharmendra.T
  0 siblings, 2 replies; 4+ messages in thread
From: Walter Priesnitz Filho @ 2003-05-07 12:05 UTC (permalink / raw)
  To: IPTables

Hi,
I have this environment, a subnetwork (192.168.0.0) that access another
subnetwork (192.168.59.0) and then access the internet. The second lan has a
proxy server (squid:3128).
I need to block the requests in th first lan to the squid server to some
sites. How can I do this?
I've tried this
iptables  -A FORWARD -p tcp -m multiport --dport 80,443,3128 -d
www.someplace.com -j DROP
but doesn't work.
Can anybody help-me?

Regards,
      Walter
--------------------------------------------
  Walter Priesnitz Filho - UIN 121745902
  http://camva.ucs.br/~walterp/
  Linux user 268789 - http://counter.li.org/
--------------------------------------------



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Blocking Squid Requests
  2003-05-07 12:05 Blocking Squid Requests Walter Priesnitz Filho
@ 2003-05-07 19:27 ` xchris
  2003-05-08  6:59   ` Ray Leach
  2003-05-09  4:13 ` Dharmendra.T
  1 sibling, 1 reply; 4+ messages in thread
From: xchris @ 2003-05-07 19:27 UTC (permalink / raw)
  To: netfilter; +Cc: Walter Priesnitz Filho

On Wednesday 07 May 2003 14:05, Walter Priesnitz Filho wrote:
> Hi,
> I have this environment, a subnetwork (192.168.0.0) that access another
> subnetwork (192.168.59.0) and then access the internet. The second lan has
> a proxy server (squid:3128).
> I need to block the requests in th first lan to the squid server to some
> sites. How can I do this?
> I've tried this
> iptables  -A FORWARD -p tcp -m multiport --dport 80,443,3128 -d
> www.someplace.com -j DROP
> but doesn't work.
> Can anybody help-me?

why don't use OUTPUT/INPUT  chain? 
you disable output/input from the lan to your firewall (so squid doesn't get 
requests)

bye
xchris




^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Blocking Squid Requests
  2003-05-07 19:27 ` xchris
@ 2003-05-08  6:59   ` Ray Leach
  0 siblings, 0 replies; 4+ messages in thread
From: Ray Leach @ 2003-05-08  6:59 UTC (permalink / raw)
  To: Netfilter Mailing List

[-- Attachment #1: Type: text/plain, Size: 783 bytes --]

On Wed, 2003-05-07 at 21:27, xchris wrote:
> On Wednesday 07 May 2003 14:05, Walter Priesnitz Filho wrote:
> > Hi,
> > I have this environment, a subnetwork (192.168.0.0) that access another
> > subnetwork (192.168.59.0) and then access the internet. The second lan has
> > a proxy server (squid:3128).
> > I need to block the requests in th first lan to the squid server to some
> > sites. How can I do this?
> > I've tried this
> > iptables  -A FORWARD -p tcp -m multiport --dport 80,443,3128 -d
> > www.someplace.com -j DROP
> > but doesn't work.
> > Can anybody help-me?
> 
> why don't use OUTPUT/INPUT  chain? 
> you disable output/input from the lan to your firewall (so squid doesn't get 
> requests)

Why not use squidGuard? Or even squid a squid acl?



[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Blocking Squid Requests
  2003-05-07 12:05 Blocking Squid Requests Walter Priesnitz Filho
  2003-05-07 19:27 ` xchris
@ 2003-05-09  4:13 ` Dharmendra.T
  1 sibling, 0 replies; 4+ messages in thread
From: Dharmendra.T @ 2003-05-09  4:13 UTC (permalink / raw)
  To: Walter Priesnitz Filho; +Cc: IPTables

[-- Attachment #1: Type: text/plain, Size: 956 bytes --]

Hi,

 It is better to add the acls on the squid than on the firewall. Proxy
servers will give good performance compared to the firewalls in acls.

Regards
Dharmu

On Wed, 2003-05-07 at 17:35, Walter Priesnitz Filho wrote:

    Hi,
    I have this environment, a subnetwork (192.168.0.0) that access another
    subnetwork (192.168.59.0) and then access the internet. The second lan has a
    proxy server (squid:3128).
    I need to block the requests in th first lan to the squid server to some
    sites. How can I do this?
    I've tried this
    iptables  -A FORWARD -p tcp -m multiport --dport 80,443,3128 -d
    www.someplace.com -j DROP
    but doesn't work.
    Can anybody help-me?
    
    Regards,
          Walter
    --------------------------------------------
      Walter Priesnitz Filho - UIN 121745902
      http://camva.ucs.br/~walterp/
      Linux user 268789 - http://counter.li.org/
    --------------------------------------------



[-- Attachment #2: Type: text/html, Size: 2289 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-05-09  4:13 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-05-07 12:05 Blocking Squid Requests Walter Priesnitz Filho
2003-05-07 19:27 ` xchris
2003-05-08  6:59   ` Ray Leach
2003-05-09  4:13 ` Dharmendra.T

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.