[K12OSN] Squid / Socks

Les Bell lesbell at lesbell.com.au
Wed May 19 12:35:44 UTC 2004

daniel.hunt at iibbank.ie wrote:

I thought I could just slap a redhat box between my lan and my router with
squid and a socks5 server and it'd stop all those nasty mp3's being sent by
my sister to her friends ;)

Not that straight-forward, I'm afraid. However, you can stop a lot by using
the combination of an iptables filtering firewall, with a transparent squid
proxy. The trickiest part is blocking access to IM and P2P systems, as they
will use port spidering - try to connect on their own ports first of all,
then other port numbers that might be open, and finally fall back to http
on port 80 as that will almost always work. It can be quite hard to kill
off MSN Messenger, for example.

Most firewalls are a combination of packet filtering - which doesn't do any
content inspection or caching - and application-layer proxying, which can
do those things. A mail gateway is an application-layer proxy, for example:
it doesn't care much at all about IP addresses and port numbers, but
instead inspects entire emails to make routing decisions based upon mailbox
addresses as well as spam filtering, virus scanning, etc. This is something
packet filtering can't do. And of course, the logic of a mail gateway is
quite different from a proxy web server...


--- Les Bell, RHCE, CISSP
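As an added illustration of the point above (this is example code, not from the post or from squid itself): a packet filter only sees "destination port 80", while a transparent proxy parses the stream and can refuse a client that is not actually speaking HTTP, then apply a site policy from the Host header. The sample payloads and the blocked-host set are constructed for the example.

```python
"""Classify the first bytes of a TCP/80 stream the way an application-layer
proxy must: by parsing content, not by trusting the port number."""
import re
from typing import Optional

# HTTP/1.x request line: METHOD SP request-target SP HTTP/major.minor CRLF
REQUEST_LINE = re.compile(rb"^([A-Z]{3,10}) (\S+) HTTP/(\d)\.(\d)\r?\n")
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}


def classify_port80_payload(data: bytes) -> str:
    """Return 'http', 'tls' or 'unknown' for the opening bytes of a stream."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0X
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    m = REQUEST_LINE.match(data)
    if m and m.group(1) in HTTP_METHODS:
        return "http"
    return "unknown"  # e.g. an IM or P2P client that fell back to port 80


def host_header(data: bytes) -> Optional[str]:
    """Host header of an HTTP request, or None if absent / not HTTP."""
    if classify_port80_payload(data) != "http":
        return None
    head, _, _ = data.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def proxy_decision(data: bytes, blocked_hosts: set) -> str:
    """The kind of decision a proxy can make and a packet filter cannot."""
    if classify_port80_payload(data) != "http":
        return "deny: non-HTTP on port 80"
    host = host_header(data)
    if host is None:
        return "deny: no Host header"
    if host.lower() in blocked_hosts:
        return "deny: blocked host"
    return "allow"


# Constructed samples: a browser request, a TLS ClientHello prefix,
# and an IM-style handshake that is not HTTP at all.
WEB_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
TLS_PREFIX = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
IM_HANDSHAKE = b"VER 1 MSNP9 CVR0\r\n"
```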
