Date: Tue, 30 Jan 2001 10:27:12 +0300
From: Odhiambo Washington
To: Yavuz Maslak
Cc: FBSD-Q
Subject: Re: a question
Message-ID: <20010130102712.A564@poeza.iconnect.co.ke>

* Yavuz Maslak [20010130 09:37]:
	writing on the subject 'a question'
Yavuz> Hello there
Yavuz>
Yavuz> I use squid2.3stable4 as proxy server on FreeBSD
Yavuz> How can I restrict some users reach to internet ?

You can use the 'acl' (access control list) for this. I am assuming that you
have only a few addresses to manage on your LAN. If you have blocks of IPs
it is still okay. I use the rule below to control access.

acl ic src 212.22.160.0/19 209.198.248.0/255.255.255.240 64.110.74.48/28
http_access allow ic

 o Define an ACL
 o Deny that acl access

For example I do not want 192.168.0.33 192.168.0.40 and 192.168.0.55 to access
the Internet via Squid, so I do

acl bad_guys src 192.168.0.33 192.168.0.40 192.168.0.55
http_access deny bad_guys

Save the changes (you were editing /usr/local/etc/squid/squid.conf) and then
give the daemon a SIGHUP

kill -HUP `cat /var/run/squid.pid`

Hey, do you have an upstream proxy at your provider? You cant tell squid to
connect via a cascade and that would be cool! If your ISP's proxy is w.x.y.z
and they use the standard port 3128, you can make your browsing faster with
this rule...

cache_peer w.x.y.z parent 3128 3130 default no-query

Yavuz> Where will I have to put users and passwords of some users in squid.conf ?
Yavuz> Also for example can I restrict some PC's according to its mac addresses ?

Please read the documentation from
http://squid-docs.sourceforge.net/latest/html/

Yavuz>
Yavuz> Does ipfw.sh do it ?

I know ipfw will do it but that would be the difficult way.

HTH

-Wash

-- 
Odhiambo Washington   | Inter-Connect Ltd.,
wash@iconnect.co.ke   | 5th Flr Furaha Plaza
Tel: 254 11 222604    | Nkrumah Rd.,
Fax: 254 11 222636    | PO Box 83613 MOMBASA, KE.

Just about every computer on the market today runs Unix, except the Mac
(and nobody cares about it). -Bill Joy 6/21/85
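
Added example, not part of the original message: a small Python evaluator for the 'acl ... src' and 'http_access' lines quoted above, showing which rule decides for a given client address before the daemon is sent a SIGHUP. The function names, the sample client addresses and the placement of the deny rule ahead of the allow rule are assumptions of this example.

```python
import ipaddress

# Constructed config: the acl lines from the message, with the deny rule
# placed ahead of the allow rule (that ordering is this example's assumption).
SAMPLE_CONF = """\
acl ic src 212.22.160.0/19 209.198.248.0/255.255.255.240 64.110.74.48/28
acl bad_guys src 192.168.0.33 192.168.0.40 192.168.0.55
http_access deny bad_guys
http_access allow ic
"""

def parse(conf):
    """Collect 'acl NAME src ...' and 'http_access allow|deny ...' lines."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # Bare addresses become /32; dotted netmasks are accepted too.
            # Address ranges (a-b) are not handled here.
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            if tok[1] not in ("allow", "deny"):
                raise ValueError(f"bad action: {raw!r}")
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, ip):
    """Values inside one acl are ORed; a leading '!' negates the acl."""
    hit = any(ip in net for net in acls[name.lstrip("!")])
    return hit != name.startswith("!")

def decide(conf, client):
    """Return (action, reason) for a client IP; the first matching rule wins."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access lines to evaluate")
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        # ACL names on one http_access line are ANDed together.
        if all(acl_matches(acls, n, ip) for n in names):
            return action, f"http_access {action} {' '.join(names)}"
    # Nothing matched: Squid applies the opposite of the last rule's action.
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "default (opposite of last rule)"

if __name__ == "__main__":
    for client in ("192.168.0.40", "64.110.74.50", "192.168.0.34"):
        print(client, *decide(SAMPLE_CONF, client))
```

With only these two http_access lines, a LAN host that is in neither acl (192.168.0.34 here) is also denied, because the last rule is an allow and the fall-through default is its opposite.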