Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm using Fedora 10 as a proxy server using Squid, but I recently noticed that some users use the ISP's DNS to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid, or perhaps I can solve the problem with iptables?
Blocking these servers and any others you can think of ought to go a long way. Free Public DNS Server:
Code:
Service provider: Google
8.8.8.8
8.8.4.4
Service provider: ScrubIt
Public dns server address:
67.138.54.100
207.225.209.66
Service provider: dnsadvantage
Dnsadvantage free dns server list:
156.154.70.1
156.154.71.1
Service provider: OpenDNS
OpenDNS free dns server list:
208.67.222.222
208.67.220.220
Service provider: vnsc-pri.sys.gtei.net
Public Name server IP address:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
You shouldn't need to block any DNS; just convert your Squid into a transparent proxy. They'll still be able to get around certain stuff via things like Google cached pages or a tunnel, but anything heading toward a normal web server will get sent to Squid first.
Like I said, switch your Squid over to a transparent proxy. To do this you'll need to redirect any port 80 traffic to it, typically via iptables DNAT if you are using Linux as the outbound router OS. The nice thing about this is that it doesn't require them to configure the proxy in their browser.
Alternatively, you could disable IP forwarding on the router for the clients, thereby forcing them to use Squid to get outside the LAN. FWIW, a stopgap while you decide your best approach could be (on the router):
This prevents Web traffic (at least that which uses the standard ports) from being forwarded, which essentially means they'll be forced to use Squid for this sort of thing. I'd make sure outbound DNS queries aren't being used by the clients for anything else before blocking them, though.
Last edited by win32sux; 07-25-2010 at 06:42 PM.
Reason: Added rules for HTTP/S.
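The two approaches above, combined into one router-side rule set (redirect LAN port 80 to Squid, and stop forwarding HTTP/S and DNS so clients cannot go around it), as an added example that is not from this thread. Interface names, the LAN range and the Squid port are assumptions; with DRY_RUN=1 the script only prints the rules it would apply.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: Linux router with LAN
# on eth1 and WAN on eth0, Squid on the router listening in transparent mode on
# port 3128, and the router's own resolver as the only DNS clients may use.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
DRY_RUN="${DRY_RUN:-0}"

# Run an iptables command, or just print it when DRY_RUN=1 so the rule set
# can be reviewed before it touches a live router.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # 1. Transparent proxy: hand every client HTTP request to Squid, no
    #    browser configuration needed (and nothing for the user to unset).
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # 2. Do not forward web traffic out of the LAN on the standard ports.
    #    HTTPS cannot be redirected this way, so it is only blocked here;
    #    clients reach HTTPS sites through Squid's CONNECT support instead.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 80  -j REJECT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 443 -j REJECT

    # 3. Block DNS to outside resolvers (the ISP's, 8.8.8.8, etc.). Traffic
    #    to the router's own resolver goes through INPUT, not FORWARD, so it
    #    stays reachable. Check first that nothing else on the LAN relies on
    #    direct outbound DNS.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p udp --dport 53 -j REJECT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 53 -j REJECT
}

# Number of rules apply_rules would add (useful when auditing the change).
rule_count() {
    ( DRY_RUN=1; apply_rules ) | wc -l | tr -d ' '
}

# Usage: sh rules.sh --show (print only)  |  sh rules.sh --apply (as root)
case "${1:-}" in
    --apply) apply_rules ;;
    --show)  DRY_RUN=1; apply_rules ;;
esac
```

Squid itself must also be told the port is intercepted (`http_port 3128 transparent` on the Squid 2.x/3.0 releases shipped around Fedora 10; `intercept` on 3.1 and later), otherwise redirected requests are rejected as invalid.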