How to i block torrents from running on squid ?

Thank you

there's no easy way to do it. look this: http://ubuntuforums.org/showthread.php?t=1373079

I have a theory to block torrent or any other unwanted thing. Don't block it, monitor!
The best way to block p2p is to find out who is the guy eating the bandwidth.

You can find a way to authenticate all users. If you're working for a company who cares about this, you can try to persuade them to create a policy with a badass warning saying the person is risking his job by doing this.

Thanks for that...at least the haze is clearing a bit now...

cheers and once again thanks for your help.

That i totally agree with. But the thing is i realised, it doesnt show up on squid reports. It shows i went to utorrent.com but it doesnt show the downlaods. Is there a way for it to appear on the sarg reports. ? i did a test and it seems it is invisible or something...

I need to get this guy coz he is making me look like a clown in front of my boss...Damn users..!!!

Not showing up on squid logs? hmm.. 2 possibilities I guess. problem with an ACL that needs to be reviewed or a problem with your firewall...

Maybe you will have a couple hours of fun reviewing your rules to find what this smart guy found.

Another issue could be with your router not intercepting all the packets. Are you masquerading the outgoing packets? If this is what you are doing, then make sure you are also redirecting all the port 80 connections to squid port. If you do not pay attention to what you are doing, this could result in you knowing nothing about your internet usage.

Thanks for the advice. I have squid and sarg. is there a separate package for firewall coz i didnt install anything else apart from the defualts. What firewall do i use. ?

ACL well all i have is one acl for my local network and then that has windows authentication enabled on it. Is there any particualr format or line i have to put in ?

Thanks

cheers

P.S Still a noob in novice shoes..(:-

Hi

Masquerading..sorry foot in mouth but what is masquerading ..??
All browsers are directed to squid and i added a rule on the router not to allow traffic from any other ip apart from squid box.

So now i know all traffic is through the box coz router drops packets from other ip addresses. Now i need to do filters but torrents seem to be hard to catch.

thanks for the insight as i am understanding things a bit more now

Cheers

Wow, this could explain everything. As far as I remember, default rules for squid allow any outgoing traffic. I would recommend search for some howto's regarding squid and also iptables.

http://www.squid-cache.org/
http://netfilter.org/

I could spend hours telling you how to build your proxy but it would be much better if you RTFM a little.

If you already have authentication is a good start because with some tuning your squid will be able to show you who the bad guys are.

About firewall, I don't know if you're responsible for it or not but if you are, I strongly recommend you to start reading a lot. iptables is the command to manage firewall on Linux.

Maybe you can find a good howto appropriate to your needs. If you need help on setting up rules, you may need to share some info about your internal network like: default gateway, netmask, proxy ip, firewall ip.

Good luck! :-D
May the source be with you

I know i look like a dumb idiot but thanks for that. I remember reading Iptables before n not knowing what the hell they were. I think i will put a firewall in place so that everything out n in of the proxy is recorded and legit. You said firewall Ip...Can the firewall be installed on the squid box ? Can it have the same Ip or will it havbe a different IP but reside in the same physical box ? thanks for the info. I understand learning and finding out myself is the best solution but as long as you guys point me in the right direction, i dont mind the research. Thank you

Cheers

Yes you can install firewall application on squid box, but that should not be necessary. iptables are default package in a linux distribution and you can use them for firewalling your network and also other NATing and masquerading purposes. You need nothing more for a basic setup.

And if you are looking for intercepting all the data on your network, read on how to configure your squid in transparent mode. That will help you more.

If I was you, I would do the following way:

1. Set policies on squid to monitor and block people (together with sarg and any other thing you'd like to).
2. Set a 2nd box as a firewall and disable everything that comes from regular users.
3. Everytime someone scream, you analize each case and ask them to make an official request to open a specific port. You must find a way to document each squid and firewall rule.

Why this second box? Beacuse I still believe a firewall is a firewall and not a multi-purpose machine. You can use and old PC as your firewall... Also, what I do for a box running a firewall is a minimal installation only with enough packages to make this firewall work.

To make your manager happy, now you have a controlled environment and you can now show graphs with before and after statistics. They love this shit.

I do agree on having a separate firewall machine. But if the traffic is limited it seems he would be wasting the hardware resources and money. I have got a similar setup running squid, dans and iptables without performance lag. The system also runs ntop as well. It would also depend how well OP can maintain the server. My server running squid and firewall is not even a server hardware machine but a Dell desktop workstation machine. But our traffic is low and no more than 40 users are online at any given time. So that also makes difference.