Question on Access Plans on Firewall (Kind of like an ISP)
Bob Edwards
Robert.Edwards at anu.edu.au
Mon Jan 21 16:48:43 EST 2002
Alex Satrapa wrote:
>
> On Monday, January 21, 2002, at 03:56 , Bob Edwards wrote:
>
> > Squid also may save you some of your MB usage in any case, so your
> > brother
> > can do more surfing for the same MB limit (then again, maybe not).
>
> Only if Dad has already visited those pr0n sites to download the images
> through the cache...
>
> Using Squid, you can have time based access control lists
> (http://squid.visolve.com/squid24s1/access_controls.htm).
>
> However, to make use of those, you'll have to block of at least port 80
> at the firewall, so people can't bypass the proxy server. This will
> break some applications that don't know how to use a proxy.
>
> HTH.
> Alex
Yep, I think this is the right way to do it.
The squid will give better performance even for web-pages that are being
constantly re-visited by the same user, but in different sessions etc.
Yes, you will need to block port 80 at the gateway, at least for the IP
address that your brothers machine is using. I haven't seen any problem
with doing this - I am not sure which applications you are referring to
that don't know how to use a proxy.
Another option is to set squid up as a transparent proxy.
The squid ACLs will allow you to specify different access regimes for
different users.
Cheers,
Bob Edwards.
More information about the linux
mailing list