Re: OT: Squid or iptables or something else?

On Fri, Dec 24, 2004 at 10:49:56AM +0800, Ow Mun Heng wrote:
> On Fri, 2004-12-24 at 07:58, Cameron Simpson wrote:
> > On 11:35 23 Dec 2004, Kanwar Ranbir Sandhu <m3freak@xxxxxxxxxx> wrote:
....
> > | I have a client that wants to restrict access to the Internet to only
> > | one website for every employee, except two people: these two should not
> > | be restricted at all.
> > | 
> > | I was at first considering using iptables, but after doing some
> > | searching on the net, I discovered that Squid could be used.  
> > | 
> > | Which approach would be better?
> > 
> > Squid. Much easier to configure and maintain.
> > Just set up iptables enough so that everyone must use the squid to get out.
> 
> I second that..
> Just set up a rule for redirecting all www traffic to squid and get
> some sort of authenticating done. Either that or, limit by IP

With one caution.  A firewall/iptables can restrict connections to one
box.  Restricting users that have access to this 'squid' box is not
very easy.  Those with accounts on the firewall or on the squid/proxy
box are harder to constrain.

Since you have a short list of privileged folk you might set them up
with a dedicated proxy at a different port number.  i.e. open up port
80 and 443 to the one site for all except the squid service then set
up the squid server for the rest of the world.  If your user community
is 'large', this way only the two users need special setup and
training.



-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.
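
Added example, not part of any message in this thread: a squid.conf fragment for the "limit by IP" approach discussed above, with one permitted site for everyone and two unrestricted workstations. The domain, the subnet and the two host addresses are constructed placeholders, and the port is an assumption.

```squidconf
# squid.conf fragment (constructed example; all addresses and the domain
# are placeholders, not values from the thread)
http_port 3128

# Squid 2.x needs "all" defined by hand; later versions have it built in.
# acl all src 0.0.0.0/0.0.0.0

acl SSL_ports  port 443
acl Safe_ports port 80 443
acl CONNECT    method CONNECT

# Everyone on the office LAN (placeholder subnet)
acl office       src 192.0.2.0/24
# The two unrestricted people, identified by workstation address
acl unrestricted src 192.0.2.10 192.0.2.11
# The single site everyone else may reach (leading dot matches subdomains)
acl allowed_site dstdomain .example.com

# http_access rules are evaluated top to bottom; the first match decides.
http_access deny  !Safe_ports
http_access deny  CONNECT !SSL_ports
http_access allow unrestricted
http_access allow office allowed_site
http_access deny  all

# Source-address ACLs identify machines, not people. If users can change
# their address, replace "unrestricted" with a proxy_auth ACL so the
# exemption follows a login instead.
#
# On the gateway, forward outbound ports 80 and 443 only when the source
# is the proxy host, so that bypassing the proxy gets a client nowhere.
# Shell accounts on the proxy host itself are not constrained by any of
# this, which is the caution raised in the message above.
```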

