Blocking port 80 on NAT and allowing browsing thru squid
Hi,
Let me first explain my setup. I have a Linux box that is both a NAT as well as a Squid proxy server, connected to the ISP on one NIC and to my LAN on another NIC. The IP address of the NIC connected to the LAN is 192.168.10.99/24.
I have configured the web browser settings on all systems in my lan to use 192.168.10.99 as the proxy server on port 3128. I am having to provide NAT so that people within my network can use Microsoft Outlook to connect to the mail server hosted elsewhere on the internet.
I have configured my Squid to provide full access to the directors and restricted site access to others. I have also blocked porn.
My main problem is that if any user just unselects the proxy settings in their browser, they can happily browse without any restriction which needs to be prevented.
I tried the following command (the FORWARD chain lives in the filter table, not the nat table):
iptables -A FORWARD -p tcp --dport 80 -j DROP
This seemed to work, i.e., I was not able to browse from any other PC in my LAN thru the gateway, but was able to browse only when the proxy settings were configured in the clients' web browser settings. The problem was that some people complained that their Outlook could not send and receive messages after I had issued the above command. When I flushed it, their Outlook started working fine.
Please do let me know how to go about doing this. Blocking porn is very very important for my company. I just need to disable web browsing thru the NAT gateway, and allow browsing for my users only thru the squid proxy.
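An added example (not from the original post) of a ruleset that does what the question asks: LAN clients may reach Squid on the gateway, mail protocols are forwarded for Outlook, and direct port 80 through the NAT is logged and then refused. It assumes eth0 faces the ISP and eth1 faces the LAN; the proxy address and port are taken from the post. Set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: NAT gateway + Squid, with direct HTTP forwarding blocked.
# Assumptions (not stated in the post): WAN NIC eth0, LAN NIC eth1.
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.10.0/24
PROXY_PORT=3128
IPT=${IPT:-iptables}

apply_rules() {
    # Masquerade whatever LAN traffic is still allowed out through the NAT.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # LAN clients must be able to reach Squid on the gateway itself.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT

    # Replies for connections the gateway already forwarded.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Mail protocols Outlook needs: SMTP, POP3, IMAP and their TLS ports.
    for port in 25 110 143 465 587 993 995; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport "$port" -j ACCEPT
    done

    # Log what hits the HTTP block before refusing it. If Outlook stops working
    # again, the log line shows which client and destination it was talking to.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 80 \
        -j LOG --log-prefix "nat-http-blocked: "
    # FORWARD is in the filter table (the default), so no -t nat here.
    # REJECT with a reset fails fast in the browser instead of hanging like DROP.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 80 \
        -j REJECT --reject-with tcp-reset
}

# Apply when run directly as root; with IPT=echo this just prints the rules.
if [ "${0##*/}" != "sh" ] && [ -z "${NO_APPLY:-}" ] && [ "$(id -u)" -eq 0 ]; then
    apply_rules
fi
```

Add a second REJECT line for --dport 443 only if HTTPS should also be forced through the proxy; it is left out here because the post only asks about port 80.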