Oops! sent to aunet.org!

Sorry about that.

Binand

aris unit forced the electrons to say:
> Sir,

Ah... I will tell you when the queen calls me, not before, please...

>   I have enabled squid while installing red hat.
> After that I have given internet access to the network by using command
> "IPFWADM".
> and then I have seen the file access.log as suggested by you. But it's empty.
> So again answer my original question please.

For your proxy server to log something, someone has to be using it. So tell
everyone to set their proxy server as yours - in Netscape, it is
View->Preferences->Advanced->Proxies->Manual Configuration.

ipfwadm is a firewalling tool - it has nothing to do with HTTP proxies. What
you have to do is to deny access to the internet directly, by bypassing the
proxy server. For that,

1. You have to enable IP masquerading on your dial out server.
2. You have to set up the routing table of this system.
3. You have to make this machine the default gateway for all the other
   machines, or at least you have to insist that people use your proxy server.
4. You have to make sure that there is no other route to the internet (another
   modem, maybe).
5. You have to set up a firewalling rule by which forwarding of TCP packets on
   HTTP port is denied.

Only then can you reliably check the logs to see what your users are up to.

Step 1 is done by the command,
ipfwadm -F -a m -S <your server ip address>/<your netmask> -D 0.0.0.0/0

The last two can be got from the ifconfig command.

Step 2 is best done automatically by pppd, if you give it the defaultroute
option.

Step 3 - For other Linux machines, do this via linuxconf, or via
route add -net default gw <ip address of server> dev eth0
For Windows, it is in Network Neighbourhood->TCP/IP->Properties->Gateway

Step 4 - go around your office, and throw all modems you can find out of the
window.

Step 5 - Run
ipfwadm -F -i deny -S <your ip addr>/<your netmask> -P tcp -D 0.0.0.0/0 http

Step 1 is required if people are going to use other services as well - like
telnet or ftp, and your LAN is within the private network IP address range.
And of course, I have assumed that your dial out and proxy servers are one and
the same.

Check out the man pages for ipfwadm, route, ifconfig, pppd and so on. Look in
/usr/doc for more stuff to read.

Binand

-- 
#include <stdio.h>                                   | Binand Raj S.
char *p = "#include <stdio.h>%cchar *p = %c%s%c;     | This is a self-
int main(){printf(p,10,34,p,34,10);return 0;}%c";    | printing program.
int main(){printf(p,10,34,p,34,10);return 0;}        | Try it!!


--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.
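
The effect of steps 1 and 5 on forwarded packets can be modelled as a first-match rule list. The Python model below is an added example, not part of the original message; the LAN range 192.168.1.0/24, the packet addresses and all helper names are constructed for illustration, and first-match evaluation with a default policy of accept is assumed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed private LAN range
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(policy, src, dst=ANY, proto=None, dport=None):
    """One forward-chain rule; None means 'any protocol' / 'any port'."""
    return {"policy": policy, "src": src, "dst": dst, "proto": proto, "dport": dport}

def matches(r, pkt):
    return (ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and r["proto"] in (None, pkt["proto"])
            and r["dport"] in (None, pkt["dport"]))

def forward_verdict(chain, pkt, default="accept"):
    """The first matching rule decides; otherwise the (assumed) default applies."""
    for r in chain:
        if matches(r, pkt):
            return r["policy"]
    return default

def build_chain(deny_inserted=True):
    masq = rule("masq", LAN)                               # step 1
    deny_http = rule("deny", LAN, proto="tcp", dport=80)   # step 5
    # Inserting puts the deny ahead of the masquerade rule; appending it
    # would leave it behind a rule that already matches every LAN packet.
    return [deny_http, masq] if deny_inserted else [masq, deny_http]

# Constructed packets from a LAN client to an outside host (TEST-NET address).
DIRECT_HTTP = {"src": "192.168.1.20", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}
TELNET = {"src": "192.168.1.20", "dst": "203.0.113.10", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for label, chain in (("deny inserted first", build_chain(True)),
                         ("deny appended last", build_chain(False))):
        print(label, "| direct http:", forward_verdict(chain, DIRECT_HTTP),
              "| telnet:", forward_verdict(chain, TELNET))
```

Requests made by the proxy itself originate on the server rather than being forwarded, so the forward-chain deny does not apply to them.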