HPE Community
Operating System - Linux
1829103 Members
5167 Online
109986 Solutions
New Discussion

squid/iptables -- plz help

 
SOLVED
Go to solution
Maaz
Valued Contributor

‎01-24-2005 05:13 AM

‎01-24-2005 05:13 AM

squid/iptables -- plz help

Hello Gurus,

on my lan i m running 10.x.x.x network.

os: rhl 9.0, squid n iptables r running.
local IP of the iptables/squid server: 10.0.0.254.

on the squid server machine(10.0.0.254)i did the following
1. echo 1 >/proc/sys/ipv4/ip_forward
2. iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ppp0 -j MASQUERADE

now clients are connected to internet via 10.0.0.254.

1) now is it possible to block yahoo messenger, and webcam ? if so how ? i mean is it the squid's matter ? or iptables are responsible to block ymessenger and ymessenger's webcam ? and HOW ?

2) how can i block all images(gif, or jpeg) on every destination, i.e. I want to block all banners/adds and other images on every website for some of my users

plz help

Thanks in Advnce.
Regards
Maaz
0 Kudos
Reply
9 REPLIES 9
Maaz
Valued Contributor

‎01-24-2005 05:33 AM

‎01-24-2005 05:33 AM

Re: squid/iptables -- plz help

...and one more question
how can i block/deny downloading for some/all of my Internet-clients only at certain time e.g in between 6:00 pm and 11:30 pm

Regards
Maaz
0 Kudos
Reply
KristofH
Frequent Advisor

‎01-24-2005 06:21 AM

‎01-24-2005 06:21 AM

Re: squid/iptables -- plz help

I recommend having a look at shorewall (for example), wich will do alot of things for you..

http://www.shorewall.net

Blocking images has to be done in squid, I guess you'll find the answer to that pretty fast if you have a look at the squid docs or do a google-search.

Cheers!

0 Kudos
Reply
Maaz
Valued Contributor

‎01-24-2005 04:28 PM

‎01-24-2005 04:28 PM

Re: squid/iptables -- plz help

Hi Kristof Hardy
Many Thanks for ur prompt reply.

I m reading squid docs but no success yet .. i.e. i didnt find any help from squid doc to block images
I'll try my best to work on shorewall.



0 Kudos
Reply
Maaz
Valued Contributor

‎01-24-2005 04:33 PM

‎01-24-2005 04:33 PM

Re: squid/iptables -- plz help

still eagerly looking forward for more help/reply
0 Kudos
Reply
Oliver Schwank
Valued Contributor

‎01-24-2005 07:11 PM

‎01-24-2005 07:11 PM

Solution

Re: squid/iptables -- plz help

Hello,

you need some additional tools for squid. I use to block advertisments:

http://www.zaplet.org/adzapper/

To block more traffic in different ways, use:

http://dansguardian.org/

There are more of these programs out there, one is called squidguard. You can find them on freshmeat.net. They all integrate in squid.

I use adzapper (it is integrated in my Debian distribution) and find it totally sufficient.

Bye

Oli
Reply
Muthukumar_5
Honored Contributor

‎01-24-2005 10:13 PM

‎01-24-2005 10:13 PM

Re: squid/iptables -- plz help

when squid is running with ip-tables, blocking yahoo messenger and webcam. We have to work with iptables to block yahoo messenger server ip-address. Same thing to y! messenger webcam.

we can block images as,
acl image urlpath_regex \.gif$ \.jpeg$
http_access deny image

To effectively make this, use dansguardian opensource tool to block banner/adds and images.

hth.

Easy to suggest when don't know about the problem!
Reply
Maaz
Valued Contributor

‎01-25-2005 06:12 AM

‎01-25-2005 06:12 AM

Re: squid/iptables -- plz help

Dear Oli I m highly thankful to u for the help, squidguard and dansguardian are both excellent.

Dear Muthukumar thanks a Million for the help. One more question ... is it necessarry to write a $ sign after gif and jpeg as in 'acl image urlpath_regex \.gif$ \.jpeg$'

I once reading the squid docs there i found like
acl blkurl url_regex ^http://www.i.com/foo.html$
i wana know... is it necessary to write a '^' Sign b4 the url and a $ sign at the end of the url ?

Thanks
Regards
Maaz
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎01-27-2005 02:29 AM

‎01-27-2005 02:29 AM

Re: squid/iptables -- plz help

acl type urlpath_regex is based on regular expression. To make a 100% correct match we have to use appropriate regular strings for that.

^ (cap) -- used to give the starting of the string pattern

$ (end) -- Used to indicate the end of string patter to be used.

. (dot) -- It is a wild-card character on shell so that \ used to deactivate it's wild-card functionality and give normal meaning to . (dot).

To filter .gif,.jpeg files then,

\.gif$ \.jpeg$ is needed.

You can get to know by using regular expression man page.

hth.
Easy to suggest when don't know about the problem!
Reply
Maaz
Valued Contributor

‎01-27-2005 05:12 AM

‎01-27-2005 05:12 AM

Re: squid/iptables -- plz help

Nice Help/explanation Dear Muthukumar.

Thanx
Regards
Maaz
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.