Re: Squid
A long time ago, in a galaxy far, far way, someone said...
> Well I want to filter what is allowed to be accessed. I noticed that when I
> choose not to use a proxy in IE I still cann access the web. Is there a
> way to stop access to the web unless they use the proxy ?
You want what's called a transparent proxy. To set one up, you set the
router/firewall that's protecting your internal network to redirect almost
any outgoing connection on port 80 to the web proxy software. I say
almost because the proxy software itself needs unrestricted access to port
80.
These are the firewall rules I run with kernel 2.2 (the squid cache is on
port 3128 of the firewall):
ipchains -A input -d 127.0.0.1 80 -p tcp -j ACCEPT
ipchains -A input -d 172.16.2.1 80 -p tcp -j ACCEPT
ipchains -A input -s 172.16.2.0/24 --dport 80 -p tcp -j REDIRECT 3128
Check the manpage of 'ipchains' for more details on the REDIRECT target.
--
----------------------------------------------------------------------
Phil Brutsche pbrutsch@tux.creighton.edu
"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien
Reply to:
- References:
- Re: Squid
- From: Jay Kelly <neutec@debiandomain.com>