niels@wxn.nl
2003-Apr-02 06:00 UTC
[Shorewall-users] Blocking access to the net but allowing squid
I think you need this in your rules file

    ACCEPT fw net www

Anyway.. if you don't want your users to access the net via NAT, why don't you just disable masquerading :-)
(check /etc/shorewall/masq)

Niels.

-----Original Message-----
From: Stephen Gloor [mailto:sgloor@p086.aone.net.au]
Sent: 02 April 2003 15:49
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Blocking access to the net but allowing squid

I thought I had this worked out. I wish to force users on my LAN to use a Squid server to access the Internet. I am using the Bering LEAF single disk firewall with a standard 2 interface shorewall configuration.

I have modified the line in my policy file

    local net ACCEPT

to

    local net REJECT

and then put this line in the rules file

    ACCEPT 192.168.1.1 net www

(obviously 192.168.1.1 is the squid server)

I don't think this is OK as it is not working. Can anyone suggest a better method? I was thinking maybe I could define a zone squid.

Thanks

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

niels@wxn.nl
2003-Apr-02 06:06 UTC
[Shorewall-users] Blocking access to the net but allowing squid
And of course it's

    ACCEPT fw net tcp www

:-)

-----Original Message-----
From: Niels Oorthuizen
Sent: 02 April 2003 15:59
To: 'Stephen Gloor'
Cc: 'shorewall-users@lists.shorewall.net'
Subject: RE: [Shorewall-users] Blocking access to the net but allowing squid

I think you need this in your rules file

    ACCEPT fw net www

Anyway.. if you don't want your users to access the net via NAT, why don't you just disable masquerading :-)
(check /etc/shorewall/masq)

Niels.

-----Original Message-----
From: Stephen Gloor [mailto:sgloor@p086.aone.net.au]
Sent: 02 April 2003 15:49
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Blocking access to the net but allowing squid

I thought I had this worked out. I wish to force users on my LAN to use a Squid server to access the Internet. I am using the Bering LEAF single disk firewall with a standard 2 interface shorewall configuration.

I have modified the line in my policy file

    local net ACCEPT

to

    local net REJECT

and then put this line in the rules file

    ACCEPT 192.168.1.1 net www

(obviously 192.168.1.1 is the squid server)

I don't think this is OK as it is not working. Can anyone suggest a better method? I was thinking maybe I could define a zone squid.

Thanks
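
The reply's rule uses the firewall (fw) as the source, while the question names 192.168.1.1 as the Squid server. The added example below (not code from the thread or from Shorewall) models "first matching rule, otherwise zone policy" for both placements and checks that only the proxy reaches the net. Zone names loc/net/fw, the client address 192.168.1.50 and Squid port 3128 are assumptions, and the matcher is a simplified model, not Shorewall's own logic.

```python
import ipaddress

# Constructed sample files. Zone names loc/net/fw and Squid port 3128 are assumptions.
POLICY = """
loc  net  REJECT
all  all  REJECT
"""
RULES_SQUID_ON_FW = """        # proxy runs on the firewall itself
ACCEPT  loc  fw   tcp  3128
ACCEPT  fw   net  tcp  www
"""
RULES_SQUID_ON_LAN = """       # proxy is the LAN host 192.168.1.1
ACCEPT  loc:192.168.1.1  net  tcp  www
"""

def rows(text):
    """Split a Shorewall-style file into column lists, dropping comments and blanks."""
    stripped = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols for cols in stripped if cols]

def side_matches(spec, zone, addr):
    """Match a SOURCE/DEST column of the form zone or zone:address against one endpoint."""
    spec_zone, _, host = spec.partition(":")
    if spec_zone not in ("all", zone):
        return False
    if not host:
        return True
    return addr is not None and ipaddress.ip_address(addr) in ipaddress.ip_network(host)

def verdict(rules, policy, src_zone, src_addr, dst_zone, proto, port):
    """First matching rule wins; otherwise the policy for the zone pair applies."""
    # Sample rules carry exactly five columns: ACTION SOURCE DEST PROTO PORT.
    for action, src, dst, rule_proto, rule_port in rows(rules):
        if (side_matches(src, src_zone, src_addr) and side_matches(dst, dst_zone, None)
                and rule_proto == proto and rule_port == port):
            return action
    for src, dst, action in rows(policy):
        if src in ("all", src_zone) and dst in ("all", dst_zone):
            return action
    return "REJECT"

if __name__ == "__main__":
    for name, rules in (("squid on fw", RULES_SQUID_ON_FW), ("squid on LAN", RULES_SQUID_ON_LAN)):
        print(name, "client -> net www:",
              verdict(rules, POLICY, "loc", "192.168.1.50", "net", "tcp", "www"))
```
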