nufw-devel

[Nufw-devel] Re: [Nufw-users] nufw and squid in the same machine


From: maria perez
Subject: [Nufw-devel] Re: [Nufw-users] nufw and squid in the same machine
Date: Thu, 17 Nov 2005 12:19:25 +0100

Hello!

I have some doubts about the configuration of the SQL database for nufw and squid_nufw_helper. I am using the MySQL module for this.

In the NuFW Howto, I can read in section 3.2, 'Setting up NuFW authenticated connections tracking', how I have to configure the SQL database. This section says I have to establish update and insert privileges on the "conntrack_ulog" table.

I have created the database 'nulog' with the file nulog.mysql.dump, but no 'conntrack_ulog' table exists; the tables created in the nulog database are:

 cache_task
 last_update
 offenders
 tcp_ports
 udp_ports
 ulog

I also have to establish select permissions for an SQL user on this table for the squid_nufw_helper module. Must this user be the same one or a different one?

What is the conntrack_ulog table? ulog?

I'm sorry for disturbing you again.
Thanks

 Maria

From: Eric Leblond <address@hidden>
To: maria perez <address@hidden>
CC: address@hidden
Subject: Re: [Nufw-users] nufw and squid in the same machine
Date: Tue, 15 Nov 2005 13:40:32 +0100


> I found nufw while I was looking for a solution to one of my problems:
> establish squid in a single machine working like a transparent proxy and at
> the same time to obtain user authentication in order to be able to define different
> access policies for each system user.

> But I need to configure everything on a single machine.

That was the point, I did not understand.

> The web traffic is redirected with iptables to squid:
>
> iptables -t nat -N proxy
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j proxy
> iptables -t nat -A proxy -m owner --uid-owner squid -j RETURN
> iptables -t nat -A proxy -p tcp -j REDIRECT --to-ports 3128

Then you need to filter in OUTPUT with nufw:

iptables -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner squid -j QUEUE

That should do the stuff. There may be an issue with negative owner
match but you will easily see if this is the case.

BR,
--
Eric Leblond <address@hidden>

