[Nufw-users] Re: nufw and squid

nufw-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nufw-users] Re: nufw and squid

From:	Eric Leblond
Subject:	[Nufw-users] Re: nufw and squid
Date:	Fri, 11 Nov 2005 15:14:52 +0100

Le vendredi 11 novembre 2005 à 10:47 +0100, maria perez a écrit :
> Hello

> The only users i have to check are the system users, in order to achieve 
> this I have to config nuauth to does authentication against PAM, then i 
> think the module for acl must be plaintext.(although i don't understand  
> well what role acls fulfill if my acls are defined in the plugin squidguard)

you need iptables/netfilter rules to select flow that you want to
authenticate. Next, NuFW has to authorize the packet to go through. As
NuFW knows sabout users we have to tolld him which user can reach the
proxy. Thus, a storage for NuFW acl is needed. 
In you case, you can have a dummy ACL which authorize everything on port
80 for anybody. The squid will manage permission afterward.

> Is all correct?

yes :-))

BR,

Eric

> 
> Kind regards
>    Maria
> 
> >From: Eric Leblond <address@hidden>
> >To: maria perez <address@hidden>
> >CC: address@hidden
> >Subject: Re: [Nufw-users] nufw and squid
> >Date: Wed, 02 Nov 2005 11:54:53 +0100
> >
> >Le mercredi 02 novembre 2005 à 10:46 +0100, maria perez a écrit :
> > > Hi,
> > > I am new in this list.
> > > I have discovered nufw searching solutions to my problem. I have working 
> >in
> > > a tool for paternal control of the web use. We are using the proxy squid 
> >to
> > > the content filter and we need establish transparent authentication for
> > > users  at the same time the proxy works in transparent manner.
> > > I have read nufw offer these capacitys with the module 
> >squid-nufw-helper. If
> > > i am not in a mistake about with nufw is possible squid works like
> > > transparent proxy and offer transparent authenticacion to the system 
> >users.
> > > The idea is squid run in the same host, (like local proxy), with 
> >squidguard
> > > to filter the web traffic.
> > > Have you any notice about similar attempt?
> >
> >Yes, it is a setup that we already thought of and I think some people
> >have work to achieve this.
> >
> > > How does it work nufw with squid?
> >
> >You need to use the SQL database event storage and set up
> >squid-nufw-helper.
> >
> > > Could you to guide me in this direction?
> >
> >The main idea is that you have to put filtering rules in PREROUTING|
> >mangle as the filtering needs to occur before the NAT is done.
> >If you do filtering in FORWARD the destination of the packet will be
> >changed and the nufw client will send erroneous packet.
> >
> > > Thank you in advance for your attention, and excuse me my irregular 
> >english.
> >
> >No problem, I'm not a native speaker too ;-)
> >
> >Don't hesitate to mail back if you need more details.
> >
> >BR,
> >--
> >Eric Leblond <address@hidden>
> >
> 
> _________________________________________________________________
> Descubre la descarga digital con MSN Music. Más de medio millón de 
> canciones. http://music.msn.es/
>

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

[Nufw-users] nufw and squid, maria perez, 2005/11/02
- Re: [Nufw-users] nufw and squid, Eric Leblond, 2005/11/02
  - [Nufw-users] nufw and squid, maria perez, 2005/11/11
    - [Nufw-users] Re: nufw and squid, Eric Leblond <=

Prev by Date: [Nufw-users] nufw and squid
Next by Date: [Nufw-users] Re: nufw and squid
Previous by thread: [Nufw-users] nufw and squid
Next by thread: [Nufw-users] Re: nufw and squid
Index(es):
- Date
- Thread