Hi

Our little office network consists of a DSL router, and one subnet with about 15 hosts.

One of the hosts is running Squid, and it all works fine with the browsers on the clients set to use Squid.

Of course, the users can simply choose to not use a proxy and can surf the internet directly. This is what I'm hoping to change.

What gets me is how to set up my DSL router to allow only the machine running Squid to request web pages. Or should I be looking at the switch for a solution.

I guess what I really need is someone to help me understand the mechanism of how to tackle the problem more than a HOWTO.

The Router has a web interface. It allows me to black and allow traffic from and to certain machines based on which port the request is sent on. Sometimes it takes the value of 0.0.0.0 as the IP address. Would this mean that it allows all traffic on that port?

The router is a Dynalink RTA220.

Thanks

does your router allow you to block outgoing ports?
if so you can block http and https, and only allow it from the squid box.

other option, which may cause some routing issues, is to set your default gateway in the DHCP to use the squid box.

Yes it does allow blocking of outgoing ports.

What I can't figure out is how to disallow all port 80 packets, but allow it for one host.

Interesting idea with the gateway. Hmmmm.

there's not much in the way of documentation for that router, but basically you want a blanket deny rule for 0.0.0.0 outbound on TCP/80 and an allow rule for your proxy server. If it came with a manual or .pdf on a cd-rom etc, then it should detail how to do this...

Indeed, the documentation, as always, is terrible. Thanks for taking the time , angrybeaver.

Like you said: I need two rules. I tried to firstly deny all traffic, and then allow for only the one machine. Grrr, no luck thus far.

Maybe I should give you access to the router, see if you can do something with it?

try reversing the order of rules, allow then deny

OK, good idea. Thanks. I'll try on Monday :-)