Squid + Special group enable NAT Access

Squid + Special group enable NAT Access

am 20.03.2007 18:52:03 von Mauricio Silveira

This is a multi-part message in MIME format.
--------------040500030907080407000706
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi all,

I'm wondering if it is possible to make squid call an external script or
binary (even better natively) to enable NAT access to specific user group.

The scenario is: I have a network where everyone should have
restrictions, use the proxy to surf the Internet as is an usual squid
implementation. BUT, I need to allow full NAT access to stations, based
on username, such an user would be the network admin.

EG: if a common worker logs in, no extra NAT access will be allowed,
proxy only access, blocking MSN an everything else necessary. I am an
admin, inside the group "full_access" and I need full NAT access to the
world, but i need this while I'm logged to a station, no matter what
station I'm logged on. Logging off will remote my NAT rights for the IP.

Did I make myself clear?
Is it possible? Any hints?

Thanks!

Mauricio

--------------040500030907080407000706
Content-Type: text/x-vcard; charset=utf-8;
name="msilveira.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="msilveira.vcf"

begin:vcard
fn:Mauricio Silveira
n:Silveira;Mauricio
org;quoted-printable:FSN do Brasil - Consultoria em Informática;Software Development / Networking
adr:;;;;;;Brazil
email;internet:msilveira@linuxbr.com
title:Linux Consultant / Developer
tel;cell:11-9949-1040
url:http://www.fsndobrasil.com
version:2.1
end:vcard


--------------040500030907080407000706--
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Squid + Special group enable NAT Access

am 21.03.2007 15:46:58 von brouits

You may use squid's authentication capabilities based on PAM for exampl=
e
and people log in squid (popup) before they can browse the net. The
rules are then based on squid's rights on URLs and people.
But about other protocol than http and the CONNECT query (ftp, etc...),
squid will have no clue i guess. Look at nufw if you need something
stronger and more powerful. http://www.nufw.org/-English-.html

Le mardi 20 mars 2007 à 14:52 -0300, Mauricio Silveira a écri=
t :
> Hi all,
>=20
> I'm wondering if it is possible to make squid call an external script=
or=20
> binary (even better natively) to enable NAT access to specific user g=
roup.
>=20
> The scenario is: I have a network where everyone should have=20
> restrictions, use the proxy to surf the Internet as is an usual squid=
=20
> implementation. BUT, I need to allow full NAT access to stations, bas=
ed=20
> on username, such an user would be the network admin.
>=20
> EG: if a common worker logs in, no extra NAT access will be allowed,=20
> proxy only access, blocking MSN an everything else necessary. I am an=
=20
> admin, inside the group "full_access" and I need full NAT access to =
the=20
> world, but i need this while I'm logged to a station, no matter what=20
> station I'm logged on. Logging off will remote my NAT rights for the =
IP.
>=20
> Did I make myself clear?
> Is it possible? Any hints?
>=20
> Thanks!
>=20
> Mauricio
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html