LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   block internet if no squid proxy (https://www.linuxquestions.org/questions/linux-software-2/block-internet-if-no-squid-proxy-623682/)

mrlinux2000 02-25-2008 07:48 AM
block internet if no squid proxy
 
hi !

it is working now, i mean squid proxy , but clients desactivate proxy and i want to force them to use proxy before they can explore internet
thnak you

acid_kewpie 02-25-2008 08:01 AM
well that's what a firewall is for. If you can please describe your architecture, we may be ale to help.

Emerson 02-25-2008 08:08 AM
I've seen networks where NAT is simply turned off, leaving no way but proxy to get out.

mrlinux2000 02-25-2008 08:30 AM
i have linux server and local area network 192.168.1/24 and i configure a proxy which is working if i go to the explorer-internet options-connections-proxy 192.168.1.11 port 8080
it works, but clients delete proxy after i did that and they can go without proxy ...
now i want to obligate that

mrlinux2000 02-25-2008 08:30 AM
i mean to get internet you have to pass through the proxy first not optionally

acid_kewpie 02-25-2008 09:00 AM
no, i meant what phsycial architecture do you have? what form does your internet connectivity take? what device is terminating it etc..?

mrlinux2000 02-25-2008 09:43 AM
ok,
am using nat one card for internet and other for local , and i have router adsl

farslayer 02-25-2008 11:03 AM
So only allow the Proxy machine outbound access to destinations of port 80 and 443..

mrlinux2000 02-26-2008 04:42 AM
that is not what am asking for

acid_kewpie 02-26-2008 05:19 AM
no, that *IS* what you're asking for, he means you should block access to any other system on those ports. quite how you do it with the minimal information you have given us is a different question. why is this box routing in the first place? should you not just disable routing on it? are you using some firewall gui on this box already? just add port 80 and 443 to the block list there.

mrlinux2000 02-26-2008 05:52 AM
thank you all

as i mentioned i have squid proxy working well, but it work for the local post only if i set the proxy ip for them and port(they can disable proxy after i change it), and that is not what i dont want

simply i want that to be automatically

acid_kewpie 02-26-2008 05:58 AM
yes, you keep saying that and keep not giving us useful information. what are you doing for a firewall? is this box also the router etc..?

mrlinux2000 02-26-2008 07:03 AM
ok, am using iptables , i think i have to add rules to forward all http requests (coming to port 80) to the Squid server port 3128 !!!

acid_kewpie 02-26-2008 07:18 AM
i would advise against an automatic proxy myself, it's much nicer to have them correctly using it directly, as you then have more clarity and visibility of what's going on. if you do want a transparent proxy, then there are many many docs online about the iptables and squid modifications to do this.

http://www.faqs.org/docs/Linux-mini/...rentProxy.html

as above, better to just block it normally though.

mrlinux2000 02-26-2008 08:06 AM
thank you sooooooooooooooooooooooooooooo much
i appreciate your help
thank you


All times are GMT -5. The time now is 12:31 PM.