On Sunday 10 September 2006 11:15, Stuart Henderson wrote:
> > I was until I finally got it that the rules are looking at IPs after,
> > not before, NAT. :)
>
> well, same applies when you use tables :)
Yes, that's what was going on, but it took a while for me to get it.
> > > If you prefer simpler and lower resource-use and don't need
> > > caching, tinyproxy works nicely.
> >
> > I'm not sure how fine-grained the control is. It needs to define allowed
> > sites for different user groups (by IP). Something like this:
> > 192.168.0.0/26 can access (list of web sites)
> > 192.168.0.65/27 can access (list of web sites)
> > 192.168.0.97/28 can access (any web site)
>
> You can do it with a couple of copies running and some creative
> configuration (rdr to different instances of tinyproxy depending on
> source address and abusing upstream proxy support), but for more
> complex needs squid's probably easier. Or of course httpd has
> mod_proxy and is in base and is somewhere between the two in
> terms of config flexibility.
Thanks, I came to the conclusion that squid will be the best fit.
--
Steve Szmidt
"To enjoy the right of political self-government, men must be
capable of personal self-government - the virtue of self-control.
A people without decency cannot be secure in its liberty.
From the Declaration Principles
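
The per-group access policy discussed in this thread, sketched as a squid.conf fragment. This is an added example, not configuration posted by either participant; the ACL names and list file paths are hypothetical, and the second and third ranges are written on their network boundaries (192.168.0.64/27 and 192.168.0.96/28) as an assumption about the intended subnets.

```conf
# Client groups, matched on the source address squid sees on the connection.
# If the source address is rewritten before the request reaches squid,
# every client lands in the same group, so check what address arrives.
acl group_a src 192.168.0.0/26
acl group_b src 192.168.0.64/27
acl group_c src 192.168.0.96/28

# Allowed destinations per group (hypothetical paths).
# One domain per line; a leading dot (".example.org") also matches subdomains.
acl sites_a dstdomain "/etc/squid/sites_a.txt"
acl sites_b dstdomain "/etc/squid/sites_b.txt"

# http_access lines are checked top to bottom and the first match decides.
# ACLs on one line are ANDed: group_a is allowed only to sites_a.
http_access allow group_a sites_a
http_access allow group_b sites_b

# group_c may reach any site.
http_access allow group_c

# Default deny: anything not matched above, including clients outside
# the three ranges, is refused.
http_access deny all
```

Running `squid -k parse` against the file reports syntax errors and warnings before the configuration is loaded.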