[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Blocking outside traffic. Allowing only local traffic...

Subject: [cobalt-users] Blocking outside traffic. Allowing only local traffic...
From: Jason <techman@xxxxxxxxxxxxx>
Date: Tue Feb 15 09:44:25 2000

Hi,

We are having a small problem with our CacheRaq.  On a daily basis about
300 different clients come in from other countries, other
ISP...etc...They are utilizing our cache server to go to Porn Sites
(including out of the country pre-teen porn sites) and also to Warez
sites.  We have been trying to block out all traffic besides traffic of
users who are in our domain/specified class C's.

I have contacted Cobalt Support regarding this issue.  Originally they
had me search in the Knowledge base for my solution.  I found an article
relating to the CacheQube.  I have implemented the following Access
Lists in my Squid.conf file.

acl all src 0.0.0.0/0.0.0.0
acl goodguys src 207.218.158.0/255.255.255.0 206.132.122.0/255.255.255.0

acl dsl src 208.50.59.0/255.255.255.0

http_access allow dsl
http_access allow goodguys
http_access deny all

ftp_access allow dsl
ftp_access allow goodguys
ftp_access deny all

icp_access allow dsl
icp_access allow goodguys
icp_access deny all


According to the documentation this should block out everyone except for
clients who belong to the specified Class C's.

So far this is not working correctly and people are still using our
CacheRaq.

After this was installed, the server was rebooted.  Still they were able
to access it.  I then contacted support again, then being told they
could not help me because it would require manually editing the
configuration files.  They pointed me to Squid's homepage for the
documentation.  Squid online docs show the format above as being correct
and should filter out any non-local traffic.

Can someone give me a hand here?  So far we are not getting anywhere
with these filters.  Cobalt's Support is unwilling to assist us in
secure their product.  If anyone has any experience with this or knows
what I might possibly be doing wrong please let me know, I am pulling my
hair out :)


Thanks in advance!!

--
 .---- Bringing your Dreams Online
 | Jason (admin@xxxxxxxxxxxxx)
 | DreamSoft Online Services
 | http://www.dreamsoft.com
.' (909) 475-1200 ICQ: 1080148

Follow-Ups:
- [cobalt-users] catch all address
  - From: Debbie Doerrlamm

Prev by Date: Re: [cobalt-users] IP Firewall on qube2 - Has ANYONE gotten it to work?
Next by Date: [cobalt-users] Web Logs
Previous by thread: Re: [cobalt-users] Mass Add USer Script
Next by thread: [cobalt-users] catch all address

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index