192.168.100.200 is my router IP
192.168.100.213 is my proxy server

i was setup the proxy and got some ACL inside but still got some error
in user site i point to proxy server it follow the ACL policy,when i point to router IP it also can access internet
i want user all point to my proxy server, even user change the gateware to 192.168.100.200 also c't access the internet and must point to proxy tat can access, how to do it?
thx thx

If your router has build firewall capabilities then a rule can be setup to accept packets only from IP xx.xx.xx.213 and MAC address thus prevent ARP spoofing

This post has been edited by debiankl: Feb 25 2005, 07:34 PM

ths proble i was solve
but how to add ACL to squid to allow user recive and send mail
etc: is use mail.abc.com.my in smtp and pop3
i was try add smtp and pop3 port number in squid and with the name mail.abc.com.my
but why i can get the mail form mail.abc.com.my???i use MS outlook
how to solve it ???

IF I.........
I would block port 80 from LAN and only open port 3128(squid/squidguard), 25(smtp) and 110(pop)..............using firewall..........newer firestarter can do port forwarding.....open/block port for LAN.



This post has been edited by oshiri: Feb 26 2005, 12:16 AM

I assumed that the MS Outlook SMTP and POP setting has IP address of a SMTP/POP3 servers and not Proxy Server. If so, SMTP/POP protocol packets will not be attended by Proxy Server however MS outlook should be receiving/send email though. Proxy Server will would only accept input from port 3128 (default) and http protocol only.

Do have problem telnet into SMTP/POP server from Windows PC..

telnet <ip address of SMTP> 25 or 110 from Windows clients return error message instead of SMTP welcome header.

is it mean i need find out my mail server IP and key in the IP and the port number to my squid??

I assumed that your server has SMTP, POP and Squid proxy services running. FYI Squid proxy server support of Http protocol only for web cache only.

tat mean i c't recive mail by pass the proxy server?if want it how to do it?acully IE can point to prosy server, but this is too simply and let user disable it. so i set the default gateway point to proxy server.

and i find some etc abt the recive mail by squid
but i no v understand the cmd line
pls help me

acl cudeso_lan src 192.168.1.0/255.255.255.0
http_access allow cudeso_lan
acl extern_cudeso dstdomain www.cudeso.be
never_direct deny extern_cudeso
acl local-servers dstdomain cudeso.be
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all

The thing is .........smtp/pop don't go through proxy.
They're using different protocol and different port from proxy.
It's up to your server's firewall.........to open port 25 and port 110.........any filtering will be done by mailserver.
Squid or any other webproxy just caching and filtering http protocol.

you need to install imap and fetchmail at the server to help you download the email than only to your pc. (i found this in official redhat forum)