Proxy Server / Network Layout Question
Good Morning (or Afternoon/Evening) All
I have a n00bish networking question about proxy servers. In the past I've always made my proxy server the network gateway, so the setup would go something like:
Modem/Router > Firewall > Proxy Server > Switch > LAN
The proxy server would have two NICs with IP forwarding enabled and all that jazz. I'd set an iptables rule to make the proxy server "transparent" to the LAN by automatically forwarding outgoing port 80 traffic to port 8080 or 3128 (or whatever port was being used by Squid).
This setup works well in a basic SOHO network environment, but I have a feeling that the more advanced the environment, the more difficult this would become to manage. Basically, when troubleshooting connectivity to an online application, VPN, or some other remote service, it's never fun having 2 gateways. I'd like to have just 1 point of restriction in the form of a robust firewall, i.e.:
Modem/Router > Firewall > Switch > LAN
So now the question is, how do I transparently force users to go through the proxy? I know that I could manually set up the connection settings for IE and Firefox to point to the proxy, but what's stopping the users from removing those settings? The traveling laptop users have local admin rights to their machine, so they have the ability to change those settings.
So what is like the standard method used by network admins to force their LAN users to transparently go through a proxy server?
Thanks!