RH Linux 7.3, 2.4 Kernel

I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have set up. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.

For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.

1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?

Please give me or point me towards some specific examples on these two tasks if you would. Thanks
Martin A. Brown
2002-Dec-27 15:12 UTC
Re: restricting MAC or IPs using IPTABLES in Linux 7.3
Shaheen,

You will probably be able to take some instructive hints from the LARTC Squid cookbook example, even if you are not going to do exactly as the recipe suggests.

http://lartc.org/howto/lartc.cookbook.squid.html

This brief post should be a start for you:

http://mailman.ds9a.nl/pipermail/lartc/2001q2/001275.html

And don't forget to search the archives for the MAC address topics related to your question:

http://www.google.com/search?q=site%3Amailman.ds9a.nl+mac+iptables

Good luck,

-Martin

: RH Linux 7.3, 2.4 Kernel
:
: I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have setup. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.
:
: For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.
:
: 1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
: 2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?
:
: Please give me or point me towards some specific examples on these two tasks if you would. Thanks

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
deepak singhal
2002-Dec-28 04:45 UTC
Re: restricting MAC or IPs using IPTABLES in Linux 7.3
This can be achieved with a combination of source based routing (Source IP and MAC based) with combination of iptables rules.

Deepak Singhal

----- Original Message -----
From: "Shaheen Hossain" <SHAHEEN@O2OSOFT.COM>
Date: Fri, 27 Dec 2002 19:13:45 +0600
To: <LARTC@MAILMAN.DS9A.NL>
Subject: [LARTC] restricting MAC or IPs using IPTABLES in Linux 7.3

RH Linux 7.3, 2.4 Kernel

I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have setup. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.

For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.

1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?

Please give me or point me towards some specific examples on these two tasks if you would.
Thanks
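One way to express the two tasks asked about in this thread (refuse direct port 80/8080 traffic so browsers must use Squid, and pass everything else only for listed IP/MAC pairs), as an added example that is not from any poster. It assumes this box is the LAN gateway, `eth1` is the LAN interface, Squid listens on 192.168.1.1:3128, and the allow-list is constructed; the script only prints the iptables commands.

```sh
#!/bin/sh
# Assumed values (not from the thread): gateway box, LAN on eth1,
# Squid on 192.168.1.1:3128.
LAN_IF="eth1"
SQUID_IP="192.168.1.1"
SQUID_PORT="3128"

# Constructed sample allow-list, one "IP MAC" pair per line.
ALLOWED="192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66"

valid_pair() {
    # Reject malformed entries so a typo never becomes a broad rule.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    echo "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
}

gen_rules() {
    # Default-deny for routed traffic; replies to accepted flows pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Direct web traffic is refused for everyone, listed or not,
    # so these rules must come before the per-host ACCEPTs.
    for port in 80 8080; do
        echo "iptables -A FORWARD -i $LAN_IF -p tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
    echo "$ALLOWED" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_pair "$ip" "$mac"; then
            echo "# skipped invalid entry: $ip $mac"
            continue
        fi
        # Task 1: only listed IP+MAC pairs may reach the proxy port.
        echo "iptables -A INPUT -i $LAN_IF -s $ip -m mac --mac-source $mac -p tcp -d $SQUID_IP --dport $SQUID_PORT -j ACCEPT"
        # Task 2: non-web traffic is forwarded only for listed pairs.
        echo "iptables -A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Everyone else is kept away from Squid.
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j DROP"
}

gen_rules
```

Review the printed rules, then pipe them to `sh` as root to load them. The `mac` match only compares the source address in the frame, which a LAN host can change, so it narrows access but does not authenticate the machine.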