Transparent Squid: Deny direct requests to proxy
Hello all,
After much fruitless searching I've decided my best solution is to ask some experts in the field. :-)
I currently have a captive portal set up and running quite well using iptables, PHP, MySQL and some .htaccess magic. Additionally, the server runs Squid transparently to log where users go and to provide some relief for the Internet connection (it's only a 1.5 meg cable connection with horrible uplink speeds).
My trouble is this: Even though Squid is in transparent mode, it still accepts direct requests (i.e., a user puts the Squid IP and port into their browser). This bypasses the captive portal that would otherwise drop their packets until they are granted access.
Solution requested: A way to either stop Squid from accepting direct requests, a Squid ACL to deny any and all direct requests, or some set of rules for iptables that will deny direct requests to port 3128 but that will still allow the redirect from port 80 to work.
I'm running Ubuntu 10.04 server with the basic LAMP setup and such. The local subnet is 192.168.0.0/24. And yes, I do have two NICs. (eth0 is outside, eth1 is inside - Yay for dry erase markers!)
Thanks in advance for your help!
-- John
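
One way to get the iptables behaviour requested above, as an added example that is not part of the original post: mark packets in the mangle table while they still carry the destination port the client chose, then drop marked packets in INPUT. `eth1` and port 3128 come from the post; the function names, the `IPT` dry-run variable and the mark value are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The existing nat REDIRECT rule
# for port 80 is left untouched; these rules only separate "client dialled
# the Squid port itself" from "client dialled port 80 and was redirected".

IPT="${IPT:-iptables}"            # assumption: set IPT=echo to print rules only
LAN_IF="${LAN_IF:-eth1}"          # inside interface, from the post
SQUID_PORT="${SQUID_PORT:-3128}"  # Squid port, from the post
MARK="${MARK:-0x3128}"            # assumption: arbitrary, otherwise unused mark
                                  # (--set-mark overwrites any existing mark)

squid_guard_apply() {
    # mangle/PREROUTING is traversed before nat/PREROUTING, so the destination
    # port seen here is still the one the client chose. A packet aimed at the
    # Squid port at this stage is a direct proxy request: mark it.
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" \
        -j MARK --set-mark "$MARK" || return 1

    # After nat REDIRECT, port-80 traffic also arrives on the Squid port in
    # filter/INPUT, but without the mark. Drop only the marked packets.
    # Inserted at position 1 so an earlier ACCEPT cannot shadow it.
    $IPT -I INPUT 1 -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" \
        -m mark --mark "$MARK" -j DROP || return 1
}

squid_guard_remove() {
    # Delete the same two rules by specification (order does not matter here).
    $IPT -D INPUT -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" \
        -m mark --mark "$MARK" -j DROP || return 1
    $IPT -t mangle -D PREROUTING -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" \
        -j MARK --set-mark "$MARK" || return 1
}

# Usage (as root): source this file, then run squid_guard_apply.
# Check the hit counters with: iptables -L INPUT -v -n
```

After applying, a browser configured with the Squid IP and port should time out, while port 80 traffic that the portal allows is still redirected and logged.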