On Sunday 10 September 2006 11:15, Stuart Henderson wrote:
> > I was until I finally got it that the rules are looking at IP's after -
> > not before, NAT. :)
>
> well, same applies when you use tables :)

Yes, that's what was going on, but it took a while for me to get it.

> > > If you prefer simpler and lower resource-use and don't need
> > > caching, tinyproxy works nicely.
> >
> > I'm not sure how fine grained the control is. It needs to define allowed
> > sites for different user groups (by IP). Something like this:
> > 192.168.0.0/26 can access (list of web sites)
> > 192.168.0.65/27 can access (list of web sites)
> > 192.168.0.97/28 can access (any web site)
>
> You can do it with a couple of copies running and some creative
> configuration (rdr to different instances of tinyproxy depending on
> source address and abusing upstream proxy support), but for more
> complex needs squid's probably easier. Or of course httpd has
> mod_proxy and is in base and is somewhere between the two in
> terms of config flexibility.

Thanks, I came to the conclusion that squid will be the best fit.

--
Steve Szmidt

"To enjoy the right of political self-government, men must be
capable of personal self-government - the virtue of self-control.
A people without decency cannot be secure in its liberty.
From the Declaration Principles