IP networks and net masks
David A. Bandel
david
Mon May 17 11:43:22 PDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 24 Jan 2003 09:25:57 -0500
begin Tim Wunder <tim at thewunders.org> spewed forth:
> I'm currently using a freesco router to access the internet. Currnetly,
> I have no controls on it for local access out to the internet. So my
> son's PC accesses the internet by using the router as the gateway. Now,
> I'd like to be able to allow only 192.168.1.2 (my PC/server) to be able
> to access the internet through my router, and to run squid and
> squid-guard (or dans guardian) on my server to control internet access.
>
> Now, freesco allows me to add IP addresses to /etc/banlist.cfg. I can
> ban a single IP address by adding the line "l,192.168.1.5", or a network
>
> by adding "l,192.168.1.0/24". Can I use a netmask other than /24 that
> would only allow 192.168.1.2 access to the 'net thru the router?
>
> Any other ideas for a means of controlling 'net access?
I don't know about Freesco. However, under iptables it's very easy to
redirect all systems attempting to bypass the Squid system back to the the
squid system.
Basically, only allow port 80 requests from squid's IP out, and redirect
all queries from other systems back to squid. No worries. I believe in
the iptables documentation they even have an example of how to set up this
very task (if not, it's in the squid docs -- I know I've seen it).
Ciao,
David A. Bandel
- --
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+MWIk3uVcotqGMQcRAukIAKC9S/jp+6OiQLxM1nbFguHeGT+4DgCfbRaL
2u1sNC3HRj8UPyER3QXSqUU=
=k0XY
-----END PGP SIGNATURE-----
More information about the Linux-users
mailing list