[K12OSN] Locking Down Firefox
R. Scott Belford
scott at hosef.org
Wed Oct 4 23:23:15 UTC 2006
James P. Kinney III wrote:
> Ah! Hormones do drive a certain level of tech savvy. :)
>
> A better workaround is to force ALL web traffic through the gateway to
> go through the squidguard/dansguardian filter using iptables trickery.
> The kids at the terminals can't monkey with that.
Thanks, James. My K12LTSP server is also the squidguard/dansguardian
filter. I thought that the transparent-proxy-dg package was doing this.
>
> iptables -A PREROUTING -p tcp -m tcp ! -d <your IP address scheme>/<your
> net mask> -i <your incoming ethx device> --dport 80 -j REDIRECT
> --to-port 3128
So, I have typed the following at the terminal

    iptables -A PREROUTING -p tcp -m tcp ! -d 192.168.0.254/255.255.255.0 -i eth1 --dport 80 -j REDIRECT --to-port 3128

and I get this response

    iptables: No chain/target/match by that name
?
>
> Do the same thing again for --dport 440 to grab the https traffic and
> last but not least
> iptables -A INPUT -p tcp -m tcp -i <your incoming ethx device> --sport
> 3128 -j ACCEPT
> to accept packets into the squid proxy. squid will talk to dansguardian
> by localhost sockets which are (usually) not blocked.
--scott
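
Added example, not part of the original message: iptables works on the filter table unless -t is given, and the PREROUTING chain and REDIRECT target belong to the nat table, which is consistent with the error quoted above. The sketch below emits the port 80 redirect in iptables-restore format under that table; the function name gen_rules, the interface eth1, the LAN 192.168.0.0/24 and port 3128 are assumptions taken from or constructed around the values in the thread.

```shell
#!/bin/sh
# Added example: generate transparent-proxy rules in iptables-restore format.
# Assumed values (constructed): LAN side eth1, LAN 192.168.0.0/24, Squid on 3128.

# gen_rules LAN_IF LAN_NET PROXY_PORT
# Prints a ruleset on stdout; returns 1 on input that is not a plain
# interface name, dotted network/prefix, or TCP port number.
gen_rules() {
    lan_if=$1 lan_net=$2 port=$3

    # Validate before interpolating anything into the ruleset.
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $lan_net in ''|*[!0-9./]*) echo "bad network" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    cat <<EOF
*nat
-A PREROUTING -i $lan_if -p tcp ! -d $lan_net --dport 80 -j REDIRECT --to-ports $port
COMMIT
*filter
-A INPUT -i $lan_if -p tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed values; nothing is applied here.
gen_rules eth1 192.168.0.0/24 3128
```

To load the output without flushing existing rules, pipe it as root into `iptables-restore --noflush`; the filter rule is there because redirected packets arrive on INPUT with destination port 3128.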