Re: [K12OSN] Locking Down Firefox

James P. Kinney III wrote:

Ah! Hormones do drive a certain level of tech savvy. :)

A better workaround is to force ALL web traffic through the gateway to
go through the squidguard/dansguardian filter using iptables trickery.
The kids at the terminals can't monkey with that.

Thanks, James. My K12LTSP server is also the squidguard/dansguardian filter. I thought that the transparent-proxy-dg package was doing this.

iptables -A PREROUTING -p tcp -m tcp ! -d <your IP address scheme>/<your
net mask> -i <your incoming ethx device> --dport 80 -j REDIRECT
--to-port 3128

So, I have typed the following at the terminal

iptables -A PREROUTING -p tcp -m tcp ! -d -i eth1 --dport 80 -j REDIRECT --to-port 3128

and I get this response

iptables: No chain/target/match by that name


Do the same thing again for --dport 440 to grab the https traffic and
last but not least
iptables -A INPUT -p tcp -m tcp -i <your incoming ethx device> --sport
3128 -j ACCEPT
to accept packets into the squid proxy. squid will talk to dansguardian
by localhost sockets which are (usually) not blocked.
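An added example, not part of the original messages: the filter table, which iptables uses when no -t option is given, has no PREROUTING chain, and the REDIRECT target is only valid in the nat table, so the port-80 redirect has to be added with -t nat. The sketch below prints that rule and refuses to build it when a field is missing; the function name and the sample network 192.168.0.0/24, interface eth1 and port 3128 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build the port-80 redirect for the nat table.
# build_redirect_rule is a hypothetical helper; sample values are constructed.

# Usage: build_redirect_rule <lan network a.b.c.d/prefix> <incoming interface> <proxy port>
# Prints the iptables command on stdout; returns 1 if any field is missing or malformed.
build_redirect_rule() {
    lan_cidr=$1 in_if=$2 proxy_port=$3

    # "! -d" needs a network after it; a rule with that field left empty is malformed.
    case $lan_cidr in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "error: LAN network must look like a.b.c.d/prefix" >&2; return 1 ;;
    esac

    # The interface must be a name, not another option swallowed by mistake.
    case $in_if in
        ''|-*) echo "error: missing incoming interface name" >&2; return 1 ;;
    esac

    # The proxy port must be purely numeric.
    case $proxy_port in
        ''|*[!0-9]*) echo "error: proxy port must be numeric" >&2; return 1 ;;
    esac

    # -t nat selects the table that holds PREROUTING and allows -j REDIRECT.
    # Traffic addressed to the LAN itself is excluded, as in the rule quoted above.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -m tcp ! -d %s --dport 80 -j REDIRECT --to-port %s\n' \
        "$in_if" "$lan_cidr" "$proxy_port"
}

# Dry run with the constructed sample values: prints the rule without applying it.
build_redirect_rule 192.168.0.0/24 eth1 3128
```

Run the printed command as root to apply it, then check the result with `iptables -t nat -L PREROUTING -n -v`.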


