|
From: | maria perez |
Subject: | [Nufw-devel] Re: [Nufw-users] nufw and squid in the same machine |
Date: | Thu, 17 Nov 2005 12:19:25 +0100 |
Hello!I have some doubts about the configuration of SQL database for nufw and squid_nufw_helper. I am using the Mysql module for this.
In the NuFW Howto I can read in the section 3.2 'Setting up NuFW authenticated connections tracking' like I have to configure the SQL database. In this section it said I have to establish update and insert privileges on the "conntrack_ulog" table.
I have created the database 'nulog' with the file nulog.mysql.dump but it does not exits any table 'conntrack_ulog', the tables created in nulog database are;
cache_task last_update offenders tcp_ports udp_ports ulogToo I have to establish select permissions to a sql user in this table for the module squid_nufw_helper. This user must to be the same or another different??
What is conntrack_ulog table?? ulog? I'm sorry disturbing you again. Thanks Maria
From: Eric Leblond <address@hidden> To: maria perez <address@hidden> CC: address@hidden Subject: Re: [Nufw-users] nufw and squid in the same machine Date: Tue, 15 Nov 2005 13:40:32 +0100 > I found nufw while I was looking for a solution to one of my problems:> establish squid in a single machine working like transparent proxy and at > the same time to obtain user authentication in order by can define different> access politics for each system user. > But I need config all in a single machine. That was the point, I did not understand. > The web traffic is redirected with iptables to squid: > > iptables -t nat N proxy > iptables -t nat -A OUTPUT -p tcp --dport 80 -j proxy > iptables -t nat -A proxy -m owner --uid-owner squid -j RETURN > iptables -t nat -A proxy -p tcp -j REDIRECT --to-ports 3128 Then you need to filter in OUTPUT with nufw : iptables -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner squid -j QUEUE That should do the stuff. There may be an issue with negative owner match but you will easily see if this is the case. BR, -- Eric Leblond <address@hidden>
_________________________________________________________________Descarga gratis la Barra de Herramientas de MSN http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH
[Prev in Thread] | Current Thread | [Next in Thread] |