From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?ISO-8859-1?Q?Beno=EEt?= Rouits Subject: Re: Squid + Special group enable NAT Access Date: Wed, 21 Mar 2007 15:46:58 +0100 Message-ID: <1174488418.12661.5.camel@chimay> References: <46001F43.8090201@linuxbr.com> Mime-Version: 1.0 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: In-Reply-To: <46001F43.8090201@linuxbr.com> Sender: linux-admin-owner@vger.kernel.org List-Id: Content-Type: text/plain; charset="utf-8" To: Mauricio Silveira Cc: linux-admin@vger.kernel.org You may use squid's authentication capabilities based on PAM for exampl= e and people log in squid (popup) before they can browse the net. The rules are then based on squid's rights on URLs and people. But about other protocol than http and the CONNECT query (ftp, etc...), squid will have no clue i guess. Look at nufw if you need something stronger and more powerful. http://www.nufw.org/-English-.html Le mardi 20 mars 2007 =C3=A0 14:52 -0300, Mauricio Silveira a =C3=A9cri= t : > Hi all, >=20 > I'm wondering if it is possible to make squid call an external script= or=20 > binary (even better natively) to enable NAT access to specific user g= roup. >=20 > The scenario is: I have a network where everyone should have=20 > restrictions, use the proxy to surf the Internet as is an usual squid= =20 > implementation. BUT, I need to allow full NAT access to stations, bas= ed=20 > on username, such an user would be the network admin. >=20 > EG: if a common worker logs in, no extra NAT access will be allowed,=20 > proxy only access, blocking MSN an everything else necessary. I am an= =20 > admin, inside the group "full_access" and I need full NAT access to = the=20 > world, but i need this while I'm logged to a station, no matter what=20 > station I'm logged on. Logging off will remote my NAT rights for the = IP. >=20 > Did I make myself clear? > Is it possible? Any hints? >=20 > Thanks! >=20 > Mauricio - To unsubscribe from this list: send the line "unsubscribe linux-admin" = in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html