Originally Posted by RedDevil
Easiest way for a !linux person to describe what I have set up is:
I have a box with CentOS 5 loaded. I then in turn have Webmin installed for a more Windows-based experience. I've installed Squid 2.6, and have it configured to act as the gateway for my network. What I'm trying to accomplish is to filter the websites employees are browsing to. I'm sick of them surfing Myspace all day. The problem I'm running into is the ACLs; I've tried to configure a few simple ACLs and have zero luck with them actively blocking websites (i.e. Myspace).
Do you have the clients set up to use the squid proxy, or are you attempting to do transparent proxying? The reason I ask is to see if you have an issue with your iptables setup, or with your squid setup.
1) Have the Linux box set up with iptables, as a default route on the network, so that all external network traffic flows through it. The iptables setup redirects connections to port 80 (HTTP) to your squid proxy running on the same box. The squid proxy then uses the ACLs to allow/disallow access to websites.
2) You have each client set up to use the squid proxy as a proxy. Requires configuring the browser for the squid proxy. NAT is disabled for the network, so the default route won't allow the clients to connect out to the internet directly. Without the proxy definition, no access to the internet is allowed.
With #1, you'll need to make sure that packets are hitting the squid proxy, and that your iptables entries are working the way you think they are. Next, you'll need to make sure that your ACLs are working in squid the way you think they are.
For #2, it's fairly easy to point to squid and the ACL configuration.
So with that, I'll post up an example squid configuration that should do what you want.