Archive for March, 2008

Blocking web access via squid

This is a configuration that I have used to restrict access to web sites via squid. It seems to work well for a small number of users.

From /etc/squid/squid.conf

acl Home proxy_auth REQUIRED
acl all src 0/0
acl block url_regex -i “/etc/squid/blockedsites.acl”
http_access deny block
acl allowsites url_regex -i “/etc/squid/allowedsites.acl”
http_access allow Home allowsites
http_access deny all

In /etc/squid/blockedsites.acl, I listed strings that when contained in a url will not be permitted. In /etc/squid/allowedsites.acl, I listed domain name strings that are allowed. For example, “”. Then, if I want to allow to all sites except those listed in the blockedsites.acl, I just add “.”. to the allowedsites.acl.

Sample /etc/squid/blockedsites.acl:

Sample /etc/squid/allowedsites.acl:


This will allow users to go to all sites but myspace and youtube.

However, in this sample /etc/squid/allowedsites.acl:

Users will only be allowed to go to

Pacbell mail settings – for old Pacific Bell Internet subscribers.

Authentication information: Use your full mail address. This is needed for both pop and smtp. And here is the gotcha, NO encryption of any kind! Good thing I don’t use mine for anything more than testing. port 110 port 25
No SSL boxes checked.

Mounting a Windows share in MAC OS.

mount -t smbfs //username:password@servername/sharename /mountpoint

Wireshark notes

The following works to perform a network trace for 1 hour (-a duration:3600) and to create multiple files of 10MB in size (-b filesize:10240). Files will have a “test” (-w test) prefix. The “-p” is to capture in promiscus mode. This uses less system resources than trying to achieve the same thing using the wireshark gui.

dumpcap -a duration:3600 -b filesize:10240 -w test -p

To merge all the captures in one file:

mergecap -w bigfile littlefiles

For example:

mergecap -w all.cap one.cap two.cap etc.cap


mergecap -w all.cap small*.cap

To use tshark (installed with wireshark) to filter a capture without using the GUI (much more efficient):

tshark -R “anydisplayfilters” -r inputfilename -w outputfilename

For example, here are two display filter examples. They are similar to the ones used in wireshark GUI. I kept trying to tcpdump filters, which work fine for capturing.:
tshark -R “ip.addr ==” -r in.cap -w out-filtered.cap
tshark -R “ip.addr ==” -r in.cap -w out-filtered.cap

Filter notes:
How to filter a time range:
(frame.time >= “mmm dd, yyyy hh:mm:ss”) && (frame.time <= "mmm dd, yyyy hh:mm:ss")

MacOSX Leopard – enable network services.

I found the following from the Apple forums (

To enable telnet and other Inet services, you edit the files in /System/Library/LaunchDaemons . For telnet, you edit the file /*System/Library/LaunchDaemon/telnet.plist*. Change line 5 from Disabled to Enabled. Then restart your mac. I’m sure there’s a way to avoid having to restart the computer, but I haven’t found it (admittedly, I didn’t spend much time on it) and simply restarting launchd with a killall -HUP launchd didn’t do it.

Where to downlad DVDFab free version.

Return top