This is a multi-part message in MIME format.

------=_NextPart_000_0014_01C2ADDC.138AA960
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

RH Linux 7.3, 2.4 Kernel

I am trying to force all of my LAN users to go through a SQUID =
(2.4Stable1) proxy I have setup. And I thought I would be able to use =
iptables to deny services to all asking for PORT 80 or 8080 for web =
browsing. They should be using SQUID (certain IP, certain port # given) =
for that.=20

For all other ports, I would only allow certain IP addresses or certain =
MAC addresses to go through.

1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web =
browsing?
2. For non-web browsing activities, can I also restrict non-allowed MAC =
or IPs?

Please give me or point me towards some specific examples on these two =
tasks if you would. Thanks
------=_NextPart_000_0014_01C2ADDC.138AA960
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>RH Linux 7.3, 2.4
Kernel</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I am trying to force all of my LAN
=
users to go=20
through a SQUID (2.4Stable1) proxy I have setup. And I thought I would =
be able=20
to use iptables to deny services to all asking for PORT 80 or 8080 for =
web=20
browsing. They should be using SQUID (certain IP, certain port # given) =
for=20
that. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>For all other ports, I would only
allow =
certain IP=20
addresses or certain MAC addresses to go through.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>1. Can I force (allowable MAC or
IPs) =
to use proxy=20
(SQUID) for web browsing?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>2. For non-web browsing activities,
can =
I also=20
restrict non-allowed MAC or IPs?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Please give me or point me towards
some =
specific=20
examples on these two tasks if you would.=20
Thanks</FONT></DIV></FONT></DIV></BODY></HTML>

------=_NextPart_000_0014_01C2ADDC.138AA960--

Shaheen,

You will probably be able to take some instructive hints from the LARTC
Squid cookbook example, even if you are not going to do exactly as the
recipe suggests.

  http://lartc.org/howto/lartc.cookbook.squid.html


This brief post should be a start for you:

  http://mailman.ds9a.nl/pipermail/lartc/2001q2/001275.html


And don't forget to search the archives for the MAC address topics related
to your question:

  http://www.google.com/search?q=site%3Amailman.ds9a.nl+mac+iptables

Good luck,

-Martin

 : RH Linux 7.3, 2.4 Kernel
 :
: I am trying to force all of my LAN users to go through a SQUID (2.4Stable1)
proxy I have setup. And I thought I would be able to use iptables to deny
services to all asking for PORT 80 or 8080 for web browsing. They should be
using SQUID (certain IP, certain port # given) for that.
 :
: For all other ports, I would only allow certain IP addresses or certain MAC
addresses to go through.
 :
 : 1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
: 2. For non-web browsing activities, can I also restrict non-allowed MAC or
IPs?
 :
: Please give me or point me towards some specific examples on these two tasks
if you would. Thanks

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com