[squid-users] block file download
Hi everyone, I was just searching on how to block file download through squid and got my hands on the code below. I implemented it on my linux server [suse 10 - squid 2.5] and it worked. I have read many querries in this forum regd this same issue so posting it for everyone. Amit Ash acl extndeny url_regex -i /etc/squid/extndeny acl download method GET http_access deny extndeny download http_access deny extndeny[/code:1:81117a2bfd] -save and close -- Now lets create extndeny file ..this is the list of file extensions which we are blocking in SQUID. make a file and add these file extensions vi /etc/squid/extndeny -- \.ez$ \.hqx$ \.cpt$ \.dot$ \.wrd$ \.bin$ \.dms$ \.lha$ \.lzh$ \.ace$ \.r00$ \.r01$ \.exe$ \.wp5$ \.wk$ \.wz$ \.vcd$ \.bz2$ \.deb$ \.dvi$ \.tar$ \.gtar$ \.tgz$ \.gz$ \.bat$ \.rpm$ \.spm$ \.zip$ \.mid$ \.midi$ \.kar$ \.mpga$ \.mp2$ \.mp3$ \.ra$ \.dl$ \.fli$ \.gl$ \.mpe$ \.mpeg$ \.mpg$ \.qt$ \.mov$ \.avi$ \.movie$ \.wav$ \.au$ \.asf$ \.af$ \.bin$ \.gz$ \.bz2$ \.asx$ \.afx$ \.asf$ \.asx$ \.au$ \.avi$ \.divx$ \.m3u$ \.mov$ \.mp2$ \.mp3$ \.mpeg$ \.mpg$ \.qt$ \.ra$ \.ram$ \.rm$ \.viv$ \.vivo$ \.vob$ \.vqf$ \.wav$ \.wma$ \.wmv$ \.vbs$ \.shs$ \.pif$ \.wpm$ \.wvx$ Now restart squid
[squid-users] how to allow only some users to access yahoo messenger
Hi members, I have squid 2.5 running on suse linux 10.0. my users login into their workstations through active directory on windows 2003 server. Is there anyway i can allow or block users from accessing yahoo messenger specifically based on the username with which they have logged-in in their workstations. Amit Ash
[squid-users] error accessing ftp site
Hi, I have recently installed configured squid proxy on suse 10. rest all is working fine but whenever i try to open any ftp site, it shows me this error: - An error occured while opening that folder on the ftp server. make sure you have permission to access that folder. details: 200 switching to ASCII mode 500 illegal port command 500 unknown command Please guide me and thanks in advance. Amit Ash
Re: [squid-users] NAT on suse linux 10.0
Hi, I made a new script file in /etc/init.d by the filename rc.ipmasq with the following script in it - #!/bin/sh IPTABLES=/sbin/iptables $IPTABLES -F -t nat $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE echo 1 /proc/sys/net/ipv4/ip_forward - After this i ran the insserv rc.ipmasq command which gave no errors but still NAT wont work, it shows no output in the command iptables -L -t nat either. however it gives me this error msg when i type this command:- linux:~ # /etc/init.d/rc.ipmasq /etc/init.d/rc.ipmasq: line 2: IPTABLES: command not found /etc/init.d/rc.ipmasq: line 3: -F: command not found /etc/init.d/rc.ipmasq: line 4: -A: command not found I am unable to understand, why it wont accept this code. Amit Ash. - Original Message - From: Peter Albrecht [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Wednesday, January 25, 2006 8:31 AM Subject: Re: [squid-users] NAT on suse linux 10.0 Hi Amit, I have just installed and configured Squid proxy service on Suse Linux 10.0. It is working fine but I also need to configure NAT so that my users can download their emails in Outlook. To achieve that I have added these lines in the /etc/sysctl.conf net.ipv4.ip_forward=1 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT The last two lines will not work. /etc/sysctl.conf does not understand this syntax (only the first of the lines you listed). Put the iptables rules in a separate script in /etc/init.d/ and create the symbolic links in the corresponding runlevel directories using insserv. A template for the script is /etc/init.d/skeleton. But still the NAT doesnt work on this server. Please direct me and thanks in advance. Check the settings for the NAT table using iptables -L -t nat Just iptables -L will not show your NAT settings. Regards, Peter -- Peter Albrecht, Novell Training Services, [EMAIL PROTECTED]
[squid-users] NAT on suse linux 10.0
Hi, I have just installed and configured Squid proxy service on Suse Linux 10.0. It is working fine but I also need to configure NAT so that my users can download their emails in Outlook. To achieve that I have added these lines in the /etc/sysctl.conf net.ipv4.ip_forward=1 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT But still the NAT doesnt work on this server. Please direct me and thanks in advance. Amit Ash
Re: [squid-users] NAT on suse linux 10.0
On 24 Jan 2006 23:14:28 -, amit ash [EMAIL PROTECTED] wrote: Hi, I have just installed and configured Squid proxy service on Suse Linux 10.0. It is working fine but I also need to configure NAT so that my users can download their emails in Outlook. To achieve that I have added these lines in the /etc/sysctl.conf net.ipv4.ip_forward=1 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT But still the NAT doesnt work on this server. Please direct me and thanks in advance. Amit Ash What iptables -L -n says? -- ::DAMK:: I am attaching the output of the command in the txt file in this mail. Amit. Amit Ash IT Dept. Excel Infoways Pvt Ltd. Work: +91-022-26394246 Fax: +91-022-26394248 Cell: +91- 9892619518 Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- 0.0.0.0/00.0.0.0/0 ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED input_ext all -- 0.0.0.0/00.0.0.0/0 policy match dir in pol ipsec proto 50 input_int all -- 0.0.0.0/00.0.0.0/0 input_ext all -- 0.0.0.0/00.0.0.0/0 input_ext all -- 0.0.0.0/00.0.0.0/0 LOGall -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' DROP all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- 0.0.0.0/00.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU forward_ext all -- 0.0.0.0/00.0.0.0/0 policy match dir in pol ipsec proto 50 forward_int all -- 0.0.0.0/00.0.0.0/0 forward_ext all -- 0.0.0.0/00.0.0.0/0 LOGall -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING ' DROP all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/00.0.0.0/0 ACCEPT all -- 0.0.0.0/00.0.0.0/0 state NEW,RELATED,ESTABLISHED LOGall -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR ' Chain forward_ext (2 references) target prot opt source destination ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 5 LOGtcp -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ' LOGicmp -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ' LOGudp -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT ' LOGall -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT-INV ' DROP all -- 0.0.0.0/00.0.0.0/0 Chain forward_int (1 references) target prot opt source destination ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2 ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED icmp type 5 LOGtcp -- 0.0.0.0/00.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP
