Hi have a server at eth2 with IP 202.51.176.42 and share the network into eth0 with 192.168.10.1. I try to block all user to access facebook. So that i install squid proxy server at 202.51.176.42 in this way:

In "/etc/squid/squid.conf" file i add this line:

Code:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
visible_hostname host.domain.com
acl lan src 202.51.176.42 192.168.10.1/24
acl localhost src 127.0.0.1/32
http_access allow localhost
http_access allow lan
acl BLACKLIST_DOMAINS dstdom_regex -i "/etc/squid/blacklist_domains"
http_access deny BLACKLIST_DOMAINS
And in "/etc/squid/blacklist_domains" file i add this line:
Code:
.facebook.com
And for share the network i create "/etc/fw.proxy" file and add this line:
Code:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to  $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Then i do this:
Code:
chmod +x /etc/fw.proxy
/etc/fw.proxy
service iptables save
chkconfig iptables on
/etc/init.d/squid restart
chkconfig squid on
Then is successfully run the squid server. And i get all the network share. But when i try to access any website, i cannot able to do it. Can any one tell me how can i solve this problem.