Yes. The IP addresses are then available at the point where you are
performing access controls.
Regards
Henrik Nordström
On Monday 07 January 2002 05.24, Lim Seng Chor wrote:
> Is that possible if I do it in this way:
>
> configure a squid at my NAT gateway listening to the private IP
> interface and just to do the ACL control and passing the allowed http
> access to my squid box in DMZ?
>
> Please advise. Thanks.
>
> On 7 Jan 2002 at 4:45, Henrik Nordstrom wrote:
> > If you are using NAT to hide the users IP addresses before they reach
> > Squid, then Squid will have a very hard time basing access on such
> > information as it plain is not available.
> >
> > I think you should consider using authentication, requiring the users
> > to log in to the proxy service to reach the Internet. This way you can
> > base access controls on username, no matter what station they are
> > currently using.
> >
> > Regards
> > Henrik Nordström
> > Squid Developer
> >
> > On Sunday 06 January 2002 16.42, Lim Seng Chor wrote:
> > > Hi,
> > >
> > > I have 2 subnets using private ip address and 1 subnet using public
> > > ip address (in fact it is DMZ). My squid box located at DMZ network
> > > but i find it very hard to generate the ACL to control my clients'
> > > http access coming from the private networks since the connections
> > > from the clients to the squid box are origin from the same IP which
> > > is the interior gateway IP. In this case, is there anyway I can
> > > restrict the http access based on client hostname or private ip
> > > address. Thank you for your help.
> >
> > --
> > MARA Systems AB, Giving you basic free Squid support
> > Customized solutions, packaged solutions and priority support
> > available on request
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Sun Jan 06 2002 - 21:59:54 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST