RE: [squid-users] HELP WITH IPTABLES !!

From: John R. Van Lanen, Network Operations - TCCSA <VANLANEN@dont-contact.us>
Date: Wed, 31 Aug 2005 16:11:15 -0400 (EDT)

Damian, what you could do is set up two networks, one in a trusted zone and
the other not. All your users go into the untrusted zone. Your proxy sits in
the trusted zone and reaches out to the internet. The users in the untrusted
zone can only get to the proxy. The proxy is the only one with a right to go
out to the internet.

You could accomplish this too if your router allows ACLs: you could deny all
outbound traffic except that which comes from the proxy server.

Good luck.

______________________________________________________________________________
| John R. Van Lanen, Manager of Network Operations Voice: (330) 264-6047 |
| Tri-County Computer Services Association (TCCSA) Fax: (330) 264-5703 |
| "Do not meddle in the affairs of dragons, E-mail:vanlanen@TCCSA.NET|
| because you are crunchy and taste good with ketchup" |
------------------------------------------------------------------------------

> > -----Original Message-----
> > From: Damian Mantelli (A.C.A.R.A) [mailto:dmantelli@acara.org.ar]
> > Sent: Wednesday, August 31, 2005 10:40 AM
> > To: Squid Users
> > Subject: [squid-users] HELP WITH IPTABLES !!
> > Importance: High
> >
> >
> > Hi, my name is Damian, I am from Argentina and I am a member of the
> > Squid users mailing list.
> > I want all the traffic of my local net to go through my Squid proxy
> > server. I mean that all the packets should be forwarded to port 3128
> > of my Squid server.
> > Maybe you can help me.
> >
> > Here is an example of my current network in my office:
> >
> > -->LocalNet 192.168.0.1/27----ETH0--> (SQUID 192.168.0.28:3128 SERVER)<-- ETH1 -->INTERNET
> >
> > I have already set up a couple of rules with iptables, but I can't
> > understand what I am doing wrong.
> >
> > I want HTTP, HTTPS, MSN, POP3, SMTP, all of these ports, and others
> > without much importance, to be forwarded through my Squid proxy server.
> >

> --SNIP--

> >
> > Pardon for the inconveniences.
> >
> >
> > Thank you very much for your help.
> >
> > Damian Mantelli
> > ARGENTINA
> >

> This will not work. Squid is strictly an HTTP proxy, and (to the best of my knowledge) can only intercept HTTP communications (not HTTPS, or any of the rest). Some services can be explicitly told to use an HTTP proxy, but what you are attempting is just not going to work.

> Chris
Received on Wed Aug 31 2005 - 14:13:58 MDT
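
Added example, not part of the original thread and not code from any poster: one way to express the "users can only get to the proxy" layout on the dual-homed Squid box in the diagram, plus a check that a saved ruleset really leaves no forwarding path around the proxy. Assumptions: eth0 is the LAN interface, 192.168.0.0/27 is the client network, Squid listens on 3128 and is separately configured for interception; only HTTP is redirected, in line with Chris's reply.

```shell
#!/bin/sh
# Added example (constructed). Assumed names: eth0 = LAN side,
# 192.168.0.0/27 = client network, 3128 = Squid port, as in the diagram.

# Print an iptables-restore ruleset for a dual-homed Squid gateway.
proxy_only_ruleset() {
    lan_if=$1 lan_net=$2 port=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only plain HTTP is intercepted; other protocols are not redirected to Squid.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Clients may reach the proxy port only; add management access (e.g. SSH) as needed.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport $port -j ACCEPT
# Nothing is routed for clients; log bypass attempts before the policy drops them.
-A FORWARD -i $lan_if -m limit --limit 6/min -j LOG --log-prefix "proxy-bypass: "
COMMIT
EOF
}

# Read iptables-save output on stdin; succeed only if the filter table cannot
# forward client traffic: FORWARD policy is DROP and FORWARD has no ACCEPT rule.
# Jumps from FORWARD into user-defined chains are not followed.
forward_is_closed() {
    awk '
        /^\*/                          { table = $1 }
        table != "*filter"             { next }
        /^:FORWARD /                   { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/ { open = 1 }
        END { exit !(policy == "DROP" && !open) }
    '
}

# Demo: audit the generated ruleset.
proxy_only_ruleset eth0 192.168.0.0/27 3128 | forward_is_closed &&
    echo "FORWARD closed: clients can only reach Squid"
```

The generated text can be validated with `iptables-restore --test` before loading, and `forward_is_closed` can be fed the output of `iptables-save` on a live gateway.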
