[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squid

A long time ago, in a galaxy far, far way, someone said...

> Well I want to filter what is allowed to be accessed. I noticed that when I
> choose not to use a proxy in IE I still cann access the web. Is there a
> way to stop access to the web unless they use the proxy ?

You want what's called a transparent proxy.  To set one up, you set the
router/firewall that's protecting your internal network to redirect almost
any outgoing connection on port 80 to the web proxy software.  I say
almost because the proxy software itself needs unrestricted access to port

These are the firewall rules I run with kernel 2.2 (the squid cache is on
port 3128 of the firewall):

ipchains -A input -d 80 -p tcp -j ACCEPT
ipchains -A input -d 80 -p tcp -j ACCEPT
ipchains -A input -s --dport 80 -p tcp -j REDIRECT 3128

Check the manpage of 'ipchains' for more details on the REDIRECT target.

Phil Brutsche				    pbrutsch@tux.creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien

Reply to: