- 12-28-2011 #1 Just Joined!
- Join Date: Dec 2011
- Posts: 1
Try to block some website with squid
Hi, I have a server at eth2 with IP 202.51.176.42 and share the network into eth0 with 192.168.10.1. I am trying to block all users from accessing Facebook. So I installed a squid proxy server at 202.51.176.42 in this way:
In the "/etc/squid/squid.conf" file I added these lines:
Code:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
visible_hostname host.domain.com
acl lan src 202.51.176.42 192.168.10.1/24
acl localhost src 127.0.0.1/32
http_access allow localhost
http_access allow lan
acl BLACKLIST_DOMAINS dstdom_regex -i "/etc/squid/blacklist_domains"
http_access deny BLACKLIST_DOMAINS
And in the "/etc/squid/blacklist_domains" file I added this line:
Code:
.facebook.com
And to share the network I created the "/etc/fw.proxy" file and added these lines:
Code:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Then I did this:
Code:
chmod +x /etc/fw.proxy
/etc/fw.proxy
service iptables save
chkconfig iptables on
/etc/init.d/squid restart
chkconfig squid on
Then it successfully runs the squid server, and I get all the network share. But when I try to access any website, I am not able to do it. Can anyone tell me how I can solve this problem?


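As an added example, not part of the original post: a simplified Python model of how Squid walks `http_access` lines (the first matching line wins), applied to the rules posted above. The `REORDERED` rule set, the client address 192.168.10.25 and all function names are assumptions for illustration; only `src`, `dstdom_regex` and `dstdomain` ACLs are modelled.

```python
import ipaddress
import re

def src(*cidrs):
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return lambda client, host: any(ipaddress.ip_address(client) in n for n in nets)

def dstdom_regex(pattern):
    rx = re.compile(pattern, re.IGNORECASE)          # "-i" in the posted acl line
    return lambda client, host: rx.search(host) is not None   # unanchored regex

def dstdomain(name):
    bare = name.lstrip(".").lower()                  # ".facebook.com" = domain + subdomains
    return lambda client, host: host.lower() == bare or host.lower().endswith("." + bare)

def decide(rules, client, host):
    """Return the action of the first http_access line whose ACL matches."""
    for action, acl in rules:
        if acl(client, host):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

lan = src("202.51.176.42", "192.168.10.1/24")        # values from the post
localhost = src("127.0.0.1/32")
everyone = src("0.0.0.0/0")

# Order as posted: "allow lan" is reached before the blacklist deny.
POSTED = [("allow", localhost), ("allow", lan),
          ("deny", dstdom_regex(".facebook.com"))]

# Assumed rearrangement: deny first, dstdomain instead of a regex, explicit final deny.
REORDERED = [("deny", dstdomain(".facebook.com")), ("allow", localhost),
             ("allow", lan), ("deny", everyone)]

if __name__ == "__main__":
    client = "192.168.10.25"                         # constructed LAN client
    for host in ("www.facebook.com", "facebook.com", "example.org"):
        print(host, decide(POSTED, client, host), decide(REORDERED, client, host))
```

With the posted order a LAN client is allowed through to www.facebook.com because `allow lan` matches before the deny line is reached. The regex form also does not match the bare name facebook.com, since the leading `.` requires one character in front of it.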
