> Try the following firewall rules (I use them on a SuSE 9.0):
>
> # transparent proxy for localhost:
> # allow user squid and root to access the internet via destination port 80 (www):
> iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -m owner --uid-owner squid -j ACCEPT
> iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -m owner --uid-owner root -j ACCEPT
>
> # force all other requests for destination port 80 (www) to port 3128
> iptables -A OUTPUT -o ppp0 -p tcp --dport www -t nat -j REDIRECT --to-ports 3128
>
> Within squid you can handle specific needs for user access via access control lists.
> Or you can configure iptables to accept connections from any other clients to the internet.
>
> cu

Kai,

Would you know how iptables determines who the connection is from? I mean, does it use identd or some other mechanism? The reason I ask is that I currently am using squidguard to filter based on user and identd becomes the largest load on the system when things get busy. If I could use iptables to redirect based on user without using identd, that could be very helpful.

Pete Billson
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting