Dear ALL, Access to two host is done by squid. BUT some other hosts still can go by following conditions: 1. They makes direct connection to internet. 2. If they use any other squid port like 3128 and IP 192.168.1.11 My host running squid is 192.168.1.11 and port 20000 but they r able to browse by 3128 port too.
I am running TRANSPARENT proxy which means "Whether user gives the squid port or not it will be logged and www data will come from *squid*." Correct me if m wrong . I am using following to direct to squid. /sbin/ipchains -A input -p tcp -d 127.0.0.1/24 www -j ACCEPT /sbin/ipchains -A input -p tcp -d 192.168.1.11/24 www -j ACCEPT /sbin/ipchains -A input -p tcp -d 0/0 www -j REDIRECT 20000 It's working too (Transparent proxy, i can see the /var/log/squid/access.log for both direct & through proxy) Now what can i do so that no one can go without SQUID and can't browse even through DIRECT connections. Please Help Regards -Yash On Fri, 02 Nov 2001, Mithun Bhattacharya wrote: > Yashpal Nagar wrote: > > > > But i want to allow only single host to web browsing which is 192.168.1.19 > > Sorry i changed the IP. this time 192.168.1.19 is GOOD. > > still the same problem. ;( > > 1004684532.823 6 192.168.1.19 TCP_DENIED/403 1048 GET http://www.google.com/ >- NONE/- - > > 1004684533.001 7 192.168.1.19 TCP_DENIED/403 1048 GET http://www.google.com/ >- NONE/- > > > > > > > > > > > > > acl GOOD src 192.168.1.35/255.255.255.255 > > > > > acl BAD src 192.168.1.0/24 > > > > > > > > > > http_access deny BAD !GOOD > > > Assuming you did a restart after changing the config file. Try this. > > acl GOOD src 192.168.1.19/255.255.255.255 > acl BAD src 192.168.1.0/24 > > http_access deny BAD > http_access allow GOOD > > Dont forget to restart. > > > > Mithun > > ================================================ > To subscribe, send email to [EMAIL PROTECTED] with 'subscribe' in subject header > To unsubscribe, send email to [EMAIL PROTECTED] with 'unsubscribe' in subject >header > ================================================= _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
