Squid Proxy Server
Hi...
I've a small home network with Linux as a server, and the clients are Windows. I've configured squid to restrict porn sites on the clients, and I've a switch, not a router. The clients cannot access porn sites when they configure their Firefox to use the squid proxy. BUT if they choose the option 'direct access the internet' instead, then they can access porn sites. (how come???!!!) It seems like an internet connection sharing, not a proxy server... So how can I force them to use the internet only through the squid proxy server??
What router/gateway are the boxes using? That's where your problem/solution lies. You can either stop them from getting routed, or force them to get proxied.
When they choose the option 'direct connection to the internet' in their Firefox or any browser... I want to force them to get proxied.
Quote:
ISP connects to eth0 on your server.
Switch connects to eth1 on your server.

The only way clients can get to the Internet is through you. Block requests to port 80 from eth1 using iptables. Allow 8080 in from eth1. Block 3128 from eth1. Then the only way the clients can get out is to talk to dansguardian on port 8080. From your machine you should still be able to download executables/packages if you wish.

iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --ports 80,3128 -j DROP

Depending on the policies of your firewall, you may have to enable forwarding and acceptance of 8080.

To make this magic transparent, you could reroute port 80 inputs from eth1 to go to port 8080 on the server.

iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --ports 80,3128 -j REDIRECT --to-ports 8080

Then all requests to port 80 or 3128 from eth1 will be handled by dansguardian on 8080. If squid or dansguardian stops, access to the Internet stops. The security of all this depends on the clients only being able to access the Internet through eth1.

To read the gory details: man iptables.

You can use static IP addresses for your clients or set up DHCP to run on your server. Static is probably easy if you have a few clients.
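As an added example (not part of the original post), here are the rules above as a dry-run script, plus a check that reads `iptables-save` output. It does the blocking in the filter table because current iptables releases refuse `-j DROP` in the nat table, and it uses `--dports` so only destination ports match. The function names, the `APPLY` switch and the sample dump are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Interface and ports follow the post;
# the function names and the APPLY switch are assumptions of this sketch.
LAN_IF="${LAN_IF:-eth1}"            # switch side of the server
FILTER_PORT="${FILTER_PORT:-8080}"  # dansguardian
SQUID_PORT="${SQUID_PORT:-3128}"    # squid, must not be reachable directly

# Run the command when APPLY=1 (needs root), otherwise just print it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

enforce_proxy() {
    # Transparent step: LAN web and squid traffic lands on the filter port.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp -m multiport \
        --dports 80,"$SQUID_PORT" -j REDIRECT --to-ports "$FILTER_PORT"
    # Let redirected clients reach the filter.
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport "$FILTER_PORT" -j ACCEPT
    # Backstops in the filter table: if the redirect is ever missing,
    # direct web access and direct squid access fail instead of bypassing.
    run iptables -A FORWARD -i "$LAN_IF" -p tcp --dport 80 -j DROP
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" -j DROP
}

# Check `iptables-save` output on stdin. Returns 0 when enforcement is in
# place, 1 if the redirect is missing, 2 or 3 if a backstop is missing.
audit() {
    dump=$(cat)
    has() { printf '%s\n' "$dump" | grep -q -- "$1"; }
    has "^-A PREROUTING .*-i $LAN_IF .*--dports 80,$SQUID_PORT .*-j REDIRECT --to-ports $FILTER_PORT" || return 1
    has "^-A FORWARD .*-i $LAN_IF .*--dport 80 .*-j DROP" || return 2
    has "^-A INPUT .*-i $LAN_IF .*--dport $SQUID_PORT .*-j DROP" || return 3
}

# Constructed sample of `iptables-save` output for a correctly set-up server.
SAMPLE_OK='*nat
-A PREROUTING -i eth1 -p tcp -m multiport --dports 80,3128 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -i eth1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j DROP
COMMIT'

# Dry run by default: prints the commands. APPLY=1 (as root) installs them.
enforce_proxy
```

On a live server, `iptables-save | audit` gives the same check against the installed rules.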