Hi, there,
I have already tried all the steps mentioned here by you.
and now other computers are getting Internet access also. This is done with
ipfwadm and all other commands (squid is not involved)
My query is how to record the log of those machines ?
That is I should be able to see and store the names of internet sites the people
around the net are accessing by sitting with my linux server.
Waiting for your reply.
Swanand.....
"Binand Raj S." wrote:
> Oops! sent to aunet.org!
>
> Sorry about that.
>
> Binand
>
> aris unit forced the electrons to say:
> > Sir,
>
> Ah... I will tell you when the queen calls me, not before, please...
>
> > I have enabled squid while installing red hat.
> > After that I have given internet access to the network by using command
> > "IPFWADM".
> > and then I have seen the file access.log as suggested by you. But its empty.
> > So again answer my original question please.
>
> For your proxy server to log something, someone has to be using it. So tell
> everyone to set their proxy server as yours - in netscape, it is
> View->Preferences->Advanced->Proxies->Manual Configuration.
>
> ipfwadm is a firewalling tool - it has nothing to do with HTTP proxies. What
> you have to do is to deny access to the internet directly, by bypassing the
> proxy server. For that,
>
> 1. You have to enable IP masquerading on your dial out server.
> 2. You have to setup the routing table of this system.
> 3. You have to make this machine the default gateway for all the other
> machines, or at least you have to insist that people use your proxy server.
> 4. You have to make sure that there is no other route to the internet (another
> modem, maybe).
> 5. You have to setup a firewalling rule by which forwarding of TCP packets on
> HTTP port is denied.
>
> Only then, can you reliably check the logs to see what your users are upto.
>
> Step 1 is done by the command,
> ipfwadm -F -m a <your server ip address>/<your netmask>
>
> The last two can be got from the ifconfig command.
>
> Step 2 is best done automatically by pppd, if you give it the defaultroute
> option.
>
> Step 3 - For other linux machines, do this via linuxconf, or via
> route add -net default gw <ip address of server> dev eth0
> For windows, it is in Network Neighbourhood->TCP/IP->Properties->Gateway
>
> Step 4 - go around your office, and throw all modems you can find out of the
> window.
>
> Step 5 - Run
> ipfwadm -F -i deny -S <your ip addr>/<your netmask> -P tcp -D 0.0.0.0/0 http
>
> Step 1 is required if people are going to use other services as well - like
> telnet or ftp, and your LAN is within the private network IP address range.
> And of course, I have assumed that your dial out and proxy servers are one and
> the same.
>
> Check out the man pages for ipfwadm, route, ifconfig, pppd and so on. Look in
> /usr/doc for more stuff to read.
>
> Binand
>
> --
> #include <stdio.h> | Binand Raj S.
> char *p = "#include <stdio.h>%cchar *p = %c%s%c; | This is a self-
> int main(){printf(p,10,34,p,34,10);return 0;}%c"; | printing program.
> int main(){printf(p,10,34,p,34,10);return 0;} | Try it!!
>
> --------------------------------------------------------------------
> The Linux India Mailing List Archives are now available. Please search
> the archive at http://lists.linux-india.org/ before posting your question
> to avoid repetition and save bandwidth.
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available. Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.
