Date: Tue, 30 Jan 2001 10:27:12 +0300 From: Odhiambo Washington <wash@iconnect.co.ke> To: Yavuz Maslak <ymmaslak@hotmail.com> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: a question Message-ID: <20010130102712.A564@poeza.iconnect.co.ke> In-Reply-To: <OE71rKoUhTewrYSXoZl00000e04@hotmail.com>; from "Yavuz Maslak" on Tue, Jan 30, 2001 at 08:35:13AM %2B0200 References: <OE71rKoUhTewrYSXoZl00000e04@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Yavuz Maslak <ymmaslak@hotmail.com> [20010130 09:37]: writing on the subject 'a question' Yavuz> Hello there Yavuz> Yavuz> I use squid2.3stable4 as proxy server on FreeBSD Yavuz> How can I restrict some users reach to internet ? You can use the 'acl' (access control list) for this. I am assuming that you have only a few addresses to manage on your LAN. If you have blocks of IPs it is still okay. I use the rule below to conrol access. acl ic src 212.22.160.0/19 209.198.248.0/255.255.255.240 64.110.74.48/28 http_access allow ic o Define an ACL o Deny that acl access For example I do not want 192.168.0.33 192.168.0.40 and 192.168.0.55 to access the Internet via Squid, so I do acl bad_guys src 192.168.0.33 192.168.0.40 192.168.0.55 http_access deny bad_guys Save the changes (you were editing /usr/local/etc/squid/squid.conf) and then give the daemon a SIGHUP kill -HUP 'cat /var/run/squid.pid' Hey, do you have an upstream proxy at your provider? You cant tell squid to connect via a cascade and that would be cool! If your ISP's proxy is w.x.y.z and they use the standard port 3128, you can make your browsing faster with this rule... cache_peer w.x.y.z parent 3128 3130 default no-query Yavuz> Where will I have to put users and passwords of some users in squid.conf ? Yavuz> Also for example can I restrict some PC's according to its mac addresses ? Please read the documentation from http://squid-docs.sourceforge.net/latest/html/ Yavuz> Yavuz> Does ipfw.sh do it ? I know ipfw will do it but that would be the difficult way. HTH -Wash -- Odhiambo Washington | Inter-Connect Ltd., wash@iconnect.co.ke | 5th Flr Furaha Plaza Tel: 254 11 222604 | Nkrumah Rd., Fax: 254 11 222636 | PO Box 83613 MOMBASA, KE. Just about every computer on the market today runs Unix, except the Mac (and nobody cares about it). -Bill Joy 6/21/85 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010130102712.A564>