Linux Advanced Routing and Traffic Control list
From: Juri Haberland <haberland@altus.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Redirecting wayward traffic
Date: Tue, 05 Jun 2001 15:48:02 +0000
Message-ID: <marc-lartc-99175616512523@msgid-missing>
In-Reply-To: <marc-lartc-99174669408206@msgid-missing>

David Talbot wrote:
> 
> I tried what you suggested (Changing the destination to a different box) and
> it still does it to all the requests.
> 
> The goal of the firewall setting is to allow access only to a few specific
> sites (in the case of the example provided amazon.com should be the only URL
> the users can get to) and all other sites should go to an internal webserver
> to tell them that they can't get to the site they're trying to go to. Does
> this make sense? Is there any way to do the DNAT only when it's not on the
> access list? (It's actually more like 100 sites I want the users to have
> access to, I narrowed down the script a bit for the example).
> 
> Any ideas? This one has been killing me for awhile... I know it's possible
> because I've seen networks that behave like this.

What about denying the direct access completely and using Squid as a
transparent proxy? Then you don't need a separate web server for the
error page because Squid can generate customized error messages itself.
And you can work not only based on IP addresses but also with regex for
the URLs that you want to deny (or allow - it's up to you).

Juri

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
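
The Squid approach suggested in the reply above, sketched as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread. The port, interface, client network, file path and error-page name are assumptions, and the `intercept` keyword is the spelling used by current Squid releases, not the 2001 syntax.

```conf
# squid.conf fragment (added illustration; all names and paths are assumed)

# The gateway redirects outbound port-80 traffic from the LAN to this port,
# for example with a rule such as:
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 3129
# Direct forwarding of port 80 is dropped, so the proxy is the only path out.
http_port 3129 intercept

# Clients this policy applies to (assumed LAN range)
acl lan src 192.168.1.0/24

# Allowlist of permitted sites, one domain per line in the file.
# A leading dot (".amazon.com") also matches subdomains.
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"

# URL-based matching is also possible with a regex ACL, for example:
#   acl allowed_urls url_regex -i "/etc/squid/allowed_urls.regex"

# Custom page shown when a request is denied on the allowed_sites ACL.
# ERR_SITE_NOT_ALLOWED is a hypothetical template file placed in Squid's
# error directory; it replaces the separate internal web server.
deny_info ERR_SITE_NOT_ALLOWED allowed_sites

# Order matters: the first matching http_access line wins.
# deny_info is selected by the last ACL on the deny line that matched.
http_access deny lan !allowed_sites
http_access allow lan
http_access deny all
```

This covers plain HTTP on port 80 only. `squid -k parse` checks the file for syntax errors before the configuration is reloaded.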
