13 Mar
2008
13 Mar
'08
1:30 p.m.
On 3/13/08, Anurag anurag@gnuer.org wrote:
However, you can deny access to the proxy to anyone not in 192.168.0.0/24 with this iptables rule - assuming your proxy is on port 3128:
# iptables -I INPUT 1 -s ! 192.168.0.0/24 --dport 3128 -j DROP
Alternatively, you might want to bind squid to only your private IP.
http_port 192.168.X.Y:3128
Also, be careful if you're serving IP's via DHCP. I had this problem, that I was running DHCP, but had given static IP's to all the client. I noticed from sarg reports that though the IP's were in the range of 192.168.1.0/24 many of them were from the set of static IP's I had given. After disabling DHCP this problem was solved.