
[K12OSN] Re: squidGuard by default



> Subject: [K12OSN] Re: squidGuard by default
> Date: Sun, 2 Jun 2002 11:43:17 -0400 (EDT)
> From: Julius Szelagiewicz <julius turtle com>
> Reply-To: k12osn redhat com
> To: k12osn redhat com
> 
> Dear Listers,
>         I am trying to configure squid / squidGuard for fully automatic
> use from workstations. i am running squid on the same server that the
> workstations boot from and i am not running an httpd server on the box.
> squid and squidGuard work just fine if i change the netscape preferences
> to proxy. when set to "direct internet connect" squid is being bypassed,
> despite the fact that it listens on ports 80 and 3128. setting proxy to
> local host and port 80 makes it work fine, but i don't want the users to
> be able to bypass it at all. i must be missing something really easy. tia,
> julius


You need to redirect via iptables (not ipchains - why RH chose to dumb
down iptables to ipchains I'll never know):

First, you grab everything going to port 80 on any outside server and
send it to squid:

$IPTABLES --table nat --append PREROUTING \
        --in-interface eth+ --protocol tcp --destination $OUTSIDE --dport http \
        -j REDIRECT  --to-port 3128

Now you make sure that you let the modified packets in to your box:

$IPTABLES --table filter --append INPUT \
        --protocol tcp --source $WAN --dport 3128 --destination $OUTSIDE \
        -j ACCEPT

Let me know if I need to explain these rules in detail.  For this to
work, squid should *not* listen on port 80.

--Yan

-- 
Famous first words: My, my, my, my, my!
Jason, age 16 mos, to his older sister
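
Added example, not part of the original post: a preflight check for the reply's condition that squid not listen on port 80, followed by a dry run that prints the redirect and accept rules. It matches by interface instead of the post's $OUTSIDE and $WAN variables, which the post does not define, and goes beyond the post with a nat OUTPUT rule for browsers that run on the proxy host itself, which never traverse PREROUTING. The interface eth0, the account name squid and the sample squid.conf are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The interface, the squid
# account name and the sample squid.conf are constructed assumptions.

# Constructed squid.conf fragment used as sample input.
sample_conf() {
    cat <<'EOF'
# http_port 80
http_port 192.168.0.254:3128
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

# Print each port squid listens on, one per line. Handles "3128",
# "host:3128" and trailing options; commented-out lines are ignored.
squid_ports() {
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n] }' "$1"
}

# Return 0 only if squid listens on port $2 and not on port 80, the
# condition the reply states for the redirect to work.
preflight() {
    ports=$(squid_ports "$1")
    if printf '%s\n' "$ports" | grep -qx 80; then
        echo "squid.conf: remove the http_port 80 listener" >&2; return 1
    fi
    printf '%s\n' "$ports" | grep -qx "$2" && return 0
    echo "squid.conf: no http_port for $2" >&2; return 2
}

# Print the rules instead of applying them (dry run).
# $1 = LAN interface, $2 = squid port, $3 = account squid runs as.
# The OUTPUT rule covers locally generated traffic; squid's own fetches are
# excluded by owner so they do not loop back into the proxy. Loopback
# traffic is assumed to be accepted by the existing INPUT policy.
emit_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j REDIRECT --to-ports $2
iptables -t filter -A INPUT -i $1 -p tcp --dport $2 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $3 -j REDIRECT --to-ports $2
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
preflight "$conf" 3128 && emit_rules eth0 3128 squid
rm -f "$conf"
```

Review the printed rules, then pipe them to `sh` as root to apply them.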
