Hey folks

I'm trying to use a combination of Shorewall/Squid/Privoxy/Tor (all running on the same box) on my network.

I've added:
REDIRECT loc 80 tcp www

to my shorewall "rules" file and it's working great - my test pc on my network can surf through tor transparently (without adding anything to their browser setting).

Now my question is, how do I stop ALL other outgoing traffic from the LAN (e.g. to prevent someone entering their own proxy server in firefox)..


I've tried adding DROP loc:10.xx.xx.0/24!10.xx.xx.1/32 net
(where the first is my local subnet and the exclusion is my firewall's ip) however this blocks my tor setup working..

Help is appreciated cheers

ok i've made some progress..

Looks like my rule does work. It's just that when doing transparent proxying, firefox does a DNS lookup first which fails (cause it's blocked).

Any ideas?