Re: [squid-users] ACL control over 2 private subnet and 1 public subnet

From: Lim Seng Chor <[email protected]>
Date: Mon, 7 Jan 2002 12:24:10 +0800

Is that possible if I do it this way:

configure a Squid at my NAT gateway, listening on the private IP interface, just to do
the ACL control and pass the allowed HTTP access to my Squid box in the DMZ?

Please advise. Thanks.

On 7 Jan 2002 at 4:45, Henrik Nordstrom wrote:

> If you are using NAT to hide the users' IP addresses before they reach
> Squid, then Squid will have a very hard time basing access on such
> information as it plainly is not available.
>
> I think you should consider using authentication, requiring the users
> to log in to the proxy service to reach the Internet. This way you can
> base access controls on username, no matter what station they are
> currently using.
>
> Regards
> Henrik Nordström
> Squid Developer
>
>
> On Sunday 06 January 2002 16.42, Lim Seng Chor wrote:
> > Hi,
> >
> > I have 2 subnets using private IP addresses and 1 subnet using public
> > IP addresses (in fact it is the DMZ). My Squid box is located in the DMZ
> > network, but I find it very hard to generate the ACL to control my clients'
> > HTTP access coming from the private networks, since the connections
> > from the clients to the Squid box originate from the same IP, which
> > is the interior gateway IP. In this case, is there any way I can
> > restrict the HTTP access based on client hostname or private IP
> > address? Thank you for your help.
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Customized solutions, packaged solutions and priority support
> available on request
Received on Sun Jan 06 2002 - 21:09:12 MST
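
The two-proxy arrangement asked about above, sketched as an added example (not configuration posted by anyone in this thread). All addresses, subnets and the blocked domain are constructed placeholders; the directives are standard squid.conf ones.

```conf
# ---- squid.conf on the NAT gateway (does the per-client ACL work) ----
# Constructed addressing: 192.168.1.0/24 and 192.168.2.0/24 are the two
# private subnets, 192.168.1.1 / 192.168.2.1 the gateway's inside addresses.
http_port 192.168.1.1:3128
http_port 192.168.2.1:3128        # never bind the outside/DMZ interface here

# The real client address is still visible at this point, before NAT.
acl lan_a src 192.168.1.0/24
acl lan_b src 192.168.2.0/24
acl blocked_sites dstdomain .blocked.example   # placeholder policy

# 'all' is predefined in current Squid releases; 2.x-era configs need
#   acl all src 0.0.0.0/0.0.0.0
http_access deny lan_b blocked_sites
http_access allow lan_a
http_access allow lan_b
http_access deny all

# Hand every permitted request to the Squid in the DMZ and never fetch
# directly, so the gateway instance only enforces policy.
cache_peer 203.0.113.10 parent 3128 0 no-query default
never_direct allow all

# ---- squid.conf on the DMZ Squid (203.0.113.10) ----
# It only ever sees the gateway's address, so accept that and nothing else.
http_port 3128
acl gateway src 203.0.113.1/32    # gateway's DMZ-side address (constructed)
http_access allow gateway
http_access deny all
```

With this layout the DMZ Squid cannot distinguish clients at all, so every per-subnet or per-host rule has to live on the gateway instance, and the DMZ instance should refuse any source other than the gateway.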
