* [LARTC] restricting MAC or IPs using IPTABLES in Linux 7.3
From: Shaheen Hossain @ 2002-12-27 13:13 UTC (permalink / raw)
To: lartc
RH Linux 7.3, 2.4 Kernel
I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have set up. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.
For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.
1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?
Please give me or point me towards some specific examples on these two tasks if you would. Thanks
* Re: [LARTC] restricting MAC or IPs using IPTABLES in Linux 7.3
From: Martin A. Brown @ 2002-12-27 15:12 UTC (permalink / raw)
To: lartc
Shaheen,
You will probably be able to take some instructive hints from the LARTC
Squid cookbook example, even if you are not going to do exactly as the
recipe suggests.
http://lartc.org/howto/lartc.cookbook.squid.html
This brief post should be a start for you:
http://mailman.ds9a.nl/pipermail/lartc/2001q2/001275.html
And don't forget to search the archives for the MAC address topics related
to your question:
http://www.google.com/search?q=site%3Amailman.ds9a.nl+mac+iptables
Good luck,
-Martin
: RH Linux 7.3, 2.4 Kernel
:
: I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have set up. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.
:
: For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.
:
: 1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
: 2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?
:
: Please give me or point me towards some specific examples on these two tasks if you would. Thanks
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] restricting MAC or IPs using IPTABLES in Linux 7.3
From: deepak singhal @ 2002-12-28 4:45 UTC (permalink / raw)
To: lartc
This can be achieved with a combination of source based routing (Source IP and MAC based) with a combination of iptables rules.
Deepak Singhal
----- Original Message -----
From: "Shaheen Hossain" <SHAHEEN@O2OSOFT.COM>
Date: Fri, 27 Dec 2002 19:13:45 +0600
To: <LARTC@MAILMAN.DS9A.NL>
Subject: [LARTC] restricting MAC or IPs using IPTABLES in Linux 7.3
RH Linux 7.3, 2.4 Kernel
I am trying to force all of my LAN users to go through a SQUID (2.4Stable1) proxy I have set up. And I thought I would be able to use iptables to deny services to all asking for PORT 80 or 8080 for web browsing. They should be using SQUID (certain IP, certain port # given) for that.
For all other ports, I would only allow certain IP addresses or certain MAC addresses to go through.
1. Can I force (allowable MAC or IPs) to use proxy (SQUID) for web browsing?
2. For non-web browsing activities, can I also restrict non-allowed MAC or IPs?
Please give me or point me towards some specific examples on these two tasks if you would. Thanks
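The two tasks asked about in this thread, as an added example that is not part of any message above: a shell script that prints a FORWARD-chain ruleset for a Linux gateway which refuses direct web access to everyone except the Squid host and lets only allowlisted IPs or MACs out on other ports. The interface name, addresses and allowlist are constructed values, and Squid is assumed to run on a separate LAN host behind the gateway.

```shell
#!/bin/sh
# Added example: prints iptables commands (2.4-era match syntax) for review.
# All values below are constructed placeholders, not taken from the thread.
LAN_IF="eth1"                 # assumed LAN-facing interface of the gateway
SQUID_IP="192.168.1.10"       # assumed Squid host on the LAN
ALLOWED="192.168.1.21 192.168.1.22 00:11:22:33:44:55"   # IPs or MACs

# Turn one allowlist entry into an iptables source match.
# The mac match is only valid in PREROUTING, INPUT and FORWARD.
src_match() {
    case "$1" in
        ??:??:??:??:??:??) echo "-m mac --mac-source $1" ;;
        *.*.*.*)           echo "-s $1" ;;
        *) echo "bad allowlist entry: $1" >&2; return 1 ;;
    esac
}

# Print the ruleset in evaluation order; rule order is what enforces policy.
build_rules() {
    echo "iptables -F FORWARD"
    # Anything not explicitly accepted below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were already permitted.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The proxy host is the only LAN machine allowed out directly.
    echo "iptables -A FORWARD -i $LAN_IF -s $SQUID_IP -j ACCEPT"
    # Direct requests to 80/8080 are refused for everyone else, even
    # allowlisted clients, so browsers must be pointed at Squid.
    echo "iptables -A FORWARD -i $LAN_IF -p tcp -m multiport --dports 80,8080 -j REJECT --reject-with tcp-reset"
    # Non-web traffic: one ACCEPT per allowlisted IP or MAC.
    for entry in $ALLOWED; do
        m=$(src_match "$entry") || return 1
        echo "iptables -A FORWARD -i $LAN_IF $m -m state --state NEW -j ACCEPT"
    done
}

# Source IPs and MACs can be changed by the client on the local segment,
# so this allowlist is an access policy, not authentication.
if [ "${1:-}" = "print" ]; then build_rules; fi
```

Run it with the argument `print` to review the rules, then pipe that output to `sh` as root on the gateway to apply them.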