I have my DNS and DHCP server installed and configured, but when I connect my other computer it doesn't get an IP from the DHCP server. The computer is connected directly to the server for testing.
What should be the problem?
Guys, I've already configured all of the servers that I wanted;
the only problem is how can I use Squid on the DHCP server?
I made a script and made it executable.
Code:
#!/bin/sh
# Squid server IP
SQUID_SERVER="10.0.0.1"
# Interface connected to Internet
INTERNET="eth0"
# Address connected to LAN
LOCAL="10.0.0.0/24"
# Squid port
SQUID_PORT="3128"
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE
iptables -A FORWARD -s $LOCAL -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -s $LOCAL -j ACCEPT
iptables -A OUTPUT -s $LOCAL -j ACCEPT
# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -s $LOCAL -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# open everything
iptables -A INPUT -i $INTERNET -j ACCEPT
iptables -A OUTPUT -o $INTERNET -j ACCEPT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
They say that this will finish the deal, but it still failed.
I can still access Facebook.
Thanks in advance, guys.
You can block Facebook using regular expressions in Squid. Basically, Squid checks the request to see if "facebook" appears, and if it does, it blocks the request. Read here http://wiki.squid-cache.org/SquidFaq/SquidAcl in the sections "How do I implement an ACL ban list?" and "How can I block access to porn sites?"
As for the script, I'm having a hard time reading it. Anyway, I would suggest creating a ruleset for iptables and saving it somewhere. First set up the rules, then create a save file, then reload the save file every time the server starts:
Code:
#save your iptables config
iptables-save > /path/to/iptables/save/file
#to reload iptables save file
iptables-restore < /path/to/iptables/save/file
To autoload iptables during booting, create an executable script in /etc/network/if-pre-up.d/ as shown below:
Code:
#!/bin/bash
iptables -F
iptables-restore < /path/to/iptables/save/file
exit 0
Thanks all!!! It's already working. Thanks especially to sensei for sticking with me and having lots of patience. Thanks all.
Oh oh.. the HTTPS is open again.
Did you try to block port 443 with iptables?
I don't see any rule in that mess of text that refers to HTTPS traffic. Blocking that is a whole other ball game since trying to do it with Squid will generate complaints about "man-in-the-middle" attacks. You have to either disable HTTPS entirely by blocking requests to port 443, or block requests to selected remote sites.
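The two options from the last reply, written out as an added example that is not part of any post in this thread. LOCAL is taken from the script earlier in the thread; BLOCKED_NETS, the function names and the IPT dry-run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: stop LAN clients from bypassing Squid over HTTPS.
# LOCAL matches the script posted above. BLOCKED_NETS holds constructed placeholder
# ranges (documentation networks), not the addresses of any real site.
LOCAL="10.0.0.0/24"
BLOCKED_NETS="203.0.113.0/24 198.51.100.0/24"

# Dry run by default: commands are printed, not applied.
# Run with IPT=iptables (as root) to change the live ruleset.
IPT="${IPT:-echo iptables}"

# Option 1: no HTTPS at all for the LAN.
block_all_https() {
    # "-I FORWARD 1" inserts at the top of the chain, ahead of the earlier
    # "-A FORWARD -s $LOCAL -j ACCEPT", which would otherwise match first.
    $IPT -I FORWARD 1 -s "$LOCAL" -p tcp --dport 443 -j REJECT --reject-with tcp-reset
}

# Option 2: HTTPS stays open except towards selected destination networks.
block_selected_https() {
    pos=1
    for net in $BLOCKED_NETS; do
        $IPT -I FORWARD "$pos" -s "$LOCAL" -d "$net" -p tcp --dport 443 \
            -j REJECT --reject-with tcp-reset
        pos=$((pos + 1))
    done
}

# Usage: ./block-https.sh all | selected
case "${1:-}" in
    all)      block_all_https ;;
    selected) block_selected_https ;;
esac
```

iptables matches on addresses, not host names, so the destination list in option 2 has to be kept current by hand. Run `iptables-save` afterwards so the new rules survive the restore at boot.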