RE: [squid-users] Squid and Firewall rules

From: Elsen Marc <[email protected]>
Date: Mon, 1 Mar 2004 13:01:39 +0100

 
>
> Hi List!
>
> I'm actually working with
> squid-2.5.STABLE3 installed on a Slackware 7.2
>
> this box acts as a Gateway, Firewall and VPN(FreeSWAN)
> so I've set up my own private LAN and users
>
> It's all working fine now, Squid, Firewall, and so on,
> I just need that all users on the private LAN -MUST-
> go through the Squid-Firewall Box to surf the WEB..
>
> at the moment I've added the Transparent Proxy
> iptables rule on my Firewall settings, through which
> all traffic passing through port 80 is then redirected
> to my Squid-Firewall box, on port 3128.
>
> -- iptables -t nat -A PREROUTING -i eth1 -p tcp
> --dport 80 -j REDIRECT --to-port 3128 --
>
> But with this rule in, I get that all users, even if
> they don't set their Browsers to use a Proxy, can surf
> the WEB withouth being authenticated by Squid, but
> passing through the Proxy anyway (in fact I can see
> them on my Access.log file)
>
> what I wish to do is to set the Squid or Firewall
> settings to impose a Squid Authentication even if my
> users don't set their Browsers to use a Proxy, so
>
> USER1 Browser-configured --> Authentication = Allowed
>
> USER2 NoBrowser-configured --> Authentication or ERROR
> You are not allowed to ...
>
  You can't at least in in the squid context :

     http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.15

  M.
Received on Mon Mar 01 2004 - 05:40:56 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST