Transparent Proxy Question
I am currently deploying a modified version of Dansguardian (pass through proxy) on my LAN here at camp. I have setup iptables to foward port 80 LAN traffic to DansGuardian. It all works out if I set the workstations gateway to the machine running iptables (as well as DansGuardian and Squid). A client though can easily change the gateway address to the router's ip address and bypass the port 80 routing allowing unfiltered access.
I have setup a DHCP server to give out ip addresses and auto assign the correct gateway (iptables) but there is nothing stopping someone from changing the gateway address.
How can I force all workstations to use the iptables gateway rather than the actual router gateway address. My current setup is that ALL workstations are patched directly into a router hub.
Thanks for reading this essay,
Ben
Last edited by acompw; 09-02-2004 at 07:54 PM.
|