
Re: [K12OSN] Re: squidGuard by default



Yan,
	thanks, this gives me a ray of hope ;-)  it also means that i have
to recompile the kernel for iptables support. this is going to be next
week's project. after this is done i just might have to take you up on your
offer of explaining the iptables rules. julius

On Sun, 2 Jun 2002, Yan Seiner wrote:

> > From: Julius Szelagiewicz <julius turtle com>
> > To: k12osn redhat com
> >         I am trying to configure squid / squidGuard for fully automatic
> > use from workstations. i am running squid on the same server that the
> > workstations boot from and i am not running an httpd server on the box.
> > squid and squidGuard work just fine if i change the netscape preferences
> > to proxy. when set to "direct internet connect" squid is being bypassed,
> > despite the fact that it listens on ports 80 and 3128. setting proxy to
> > local host and port 80 makes it work fine, but i don't want the users to
> > be able to bypass it at all. i must be missing something really easy. tia,
> > julius
>
>
> You need to redirect via iptables (not ipchains - why RH chose to dumb
> down iptables to ipchains I'll never know):
>
> First, you grab everything going to port 80 on any outside server and
> send it to squid:
>
> $IPTABLES --table nat --append PREROUTING \
>         --in-interface eth+ --protocol tcp --destination $OUTSIDE --dport http \
>         -j REDIRECT  --to-port 3128
>
> Now you make sure that you let the modified packets in to your box:
>
> $IPTABLES --table filter --append INPUT \
>         --protocol tcp --source $WAN --dport 3128 --destination $OUTSIDE \
>         -j ACCEPT
>
> Let me know if I need to explain these rules in detail.  For this to
> work, squid should *not* listen on port 80.
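
One way to verify the setup discussed in this thread, as an added example that is not part of the original messages: a script that audits a rule dump in `iptables-save` format and a squid.conf for the redirect, the INPUT accept, and the "squid must not listen on port 80" condition. The function names, file names and sample contents are constructed for illustration; the sample rules omit `--destination` because the thread does not give a value for `$OUTSIDE`.

```shell
#!/bin/sh
# Added example: ports 80 and 3128 come from the thread; everything else is constructed.

# Succeeds if the nat table redirects incoming tcp/80 to local port 3128.
has_redirect() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "nat" && /^-A PREROUTING / && /-p tcp / &&
         /--dport 80( |$)/ && /-j REDIRECT / && /--to-ports 3128( |$)/ { found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if the filter table accepts tcp/3128 on INPUT.
has_input_accept() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && /^-A INPUT / && /-p tcp / &&
         /--dport 3128( |$)/ && /-j ACCEPT( |$)/ { found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if squid.conf still binds port 80 (comment lines do not match).
squid_on_80() {
    grep -Eq '^[[:space:]]*http_port[[:space:]]+([^[:space:]]*:)?80([[:space:]]|$)' "$1"
}

# audit_proxy RULES SQUID_CONF: prints one line per finding, returns 1 if any.
audit_proxy() {
    rc=0
    if ! has_redirect "$1"; then echo "FAIL: tcp/80 is not redirected to 3128"; rc=1; fi
    if ! has_input_accept "$1"; then echo "FAIL: INPUT does not accept tcp/3128"; rc=1; fi
    if squid_on_80 "$2"; then echo "FAIL: squid still listens on port 80"; rc=1; fi
    return "$rc"
}

# Constructed sample in iptables-save format, plus a constructed squid.conf.
demo=$(mktemp -d)
cat > "$demo/rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
EOF
printf '# http_port 80\nhttp_port 3128\n' > "$demo/squid.conf"
audit_proxy "$demo/rules" "$demo/squid.conf" && echo "OK: port 80 traffic goes through squid"
```

On a live server, pass it the saved output of `iptables-save` and the real squid.conf instead of the constructed samples.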




