
Re: Squid



A long time ago, in a galaxy far, far away, someone said...

> Well I want to filter what is allowed to be accessed. I noticed that when I
> choose not to use a proxy in IE I still can access the web. Is there a
> way to stop access to the web unless they use the proxy ?

You want what's called a transparent proxy.  To set one up, you set the
router/firewall that's protecting your internal network to redirect almost
any outgoing connection on port 80 to the web proxy software.  I say
almost because the proxy software itself needs unrestricted access to port
80.

These are the firewall rules I run with kernel 2.2 (the squid cache is on
port 3128 of the firewall):

ipchains -A input -d 127.0.0.1 80 -p tcp -j ACCEPT
ipchains -A input -d 172.16.2.1 80 -p tcp -j ACCEPT
ipchains -A input -s 172.16.2.0/24 --dport 80 -p tcp -j REDIRECT 3128

Check the manpage of 'ipchains' for more details on the REDIRECT target.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstein
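
Added example, not part of the original post: the same redirect written for iptables (kernel 2.4 and later), where REDIRECT lives in the nat table. The addresses and proxy port are the ones from the post; the interface name eth1, the APPLY switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: iptables (kernel 2.4+) form of the ipchains redirect above.
# Addresses and proxy port default to the values in the post.
LAN_NET="${LAN_NET:-172.16.2.0/24}"   # internal network
FW_IP="${FW_IP:-172.16.2.1}"          # firewall's internal address
PROXY_PORT="${PROXY_PORT:-3128}"      # squid listening port
LAN_IF="${LAN_IF:-eth1}"              # assumption: internal interface name

# Accept only a decimal port in 1..65535; the value ends up in a root command.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dry run by default: print the command. APPLY=1 (assumed switch) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

transparent_proxy_rules() {
    valid_port "$PROXY_PORT" || { echo "bad PROXY_PORT: $PROXY_PORT" >&2; return 1; }
    # Port 80 on the firewall itself is exempt, as in the post's second rule.
    # The 127.0.0.1 rule has no counterpart: locally generated packets never
    # traverse PREROUTING.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -d "$FW_IP" \
        -p tcp --dport 80 -j ACCEPT
    # Everything else from the LAN to port 80 lands on the proxy, whatever
    # the browser's proxy setting is.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
}

transparent_proxy_rules
```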


