On 1/24/2003 10:56 AM, someone claiming to be David A. Bandel wrote:

On Fri, 24 Jan 2003 09:25:57 -0500
begin  Tim Wunder <[EMAIL PROTECTED]> spewed forth:


I'm currently using a freesco router to access the internet. Currently, I have no controls on it for local access out to the internet. So my son's PC accesses the internet by using the router as the gateway. Now, I'd like to be able to allow only 192.168.1.2 (my PC/server) to be able to access the internet through my router, and to run squid and squid-guard (or dans guardian) on my server to control internet access.

Now, freesco allows me to add IP addresses to /etc/banlist.cfg. I can ban a single IP address by adding the line "l,192.168.1.5", or a network by adding "l,192.168.1.0/24". Can I use a netmask other than /24 that would only allow 192.168.1.2 access to the 'net thru the router?

Any other ideas for a means of controlling 'net access?


I don't know about Freesco.  However, under iptables it's very easy to
redirect all systems attempting to bypass the Squid system back to the
squid system.

Basically, only allow port 80 requests from squid's IP out, and redirect
all queries from other systems back to squid.  No worries.  I believe in
the iptables documentation they even have an example of how to set up this
very task (if not, it's in the squid docs -- I know I've seen it).

Interesting. Thanks. I'll do that when I get the router part straightened out. The way the router is set up, the server that would be running squid can be bypassed just by specifying the router as the gateway, so whatever iptables rules I set up would be irrelevant.

To rephrase my question...
If I add l,192.168.1.0/32, I'd be blocking everybody (I think...). Can I use something like 192.168.1.0/30 and block everything above 192.168.1.2? I can then specifically block 192.168.1.1 and thus, have what I want. I guess I can just try it and see what happens...

Tim
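
An added example, not part of the original thread: it lists which addresses a given prefix length matches and computes the CIDR blocks that cover 192.168.1.0/24 with only 192.168.1.2 left out. The `l,<entry>` line form is taken from the message above; that freesco's banlist accepts prefix lengths other than /24 is an assumption, and the function names are hypothetical.

```python
import ipaddress


def matched(cidr):
    """Every address a CIDR entry covers, as strings."""
    return [str(a) for a in ipaddress.ip_network(cidr)]


def ban_blocks(lan, allowed):
    """Smallest set of CIDR blocks covering `lan` minus the `allowed` hosts."""
    remaining = [ipaddress.ip_network(lan)]
    for addr in allowed:
        keep = ipaddress.ip_network(addr)  # a bare address parses as a /32
        if not any(keep.subnet_of(b) for b in remaining):
            raise ValueError(f"{addr} is not inside {lan} (or already excluded)")
        split = []
        for block in remaining:
            if keep.subnet_of(block):
                # Carve the allowed host out; everything else stays banned.
                split.extend(block.address_exclude(keep))
            else:
                split.append(block)
        remaining = split
    return sorted(remaining)


def ban_lines(lan, allowed):
    """Render the blocks as 'l,<entry>' lines (assumed banlist.cfg syntax)."""
    lines = []
    for block in ban_blocks(lan, allowed):
        # Single hosts are written as a bare address, as in "l,192.168.1.5".
        single = block.prefixlen == block.max_prefixlen
        lines.append("l," + (str(block.network_address) if single else str(block)))
    return lines


if __name__ == "__main__":
    for cidr in ("192.168.1.0/32", "192.168.1.0/30"):
        print(cidr, "matches", matched(cidr))
    print("\n".join(ban_lines("192.168.1.0/24", ["192.168.1.2"])))
```

If the router's own LAN address falls inside one of the generated blocks, add it to the `allowed` list so it is not banned along with the clients.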




