[K12OSN] Block internet access on thinclient side

Brian Chivers brian at portsmouth-college.ac.uk
Tue Apr 1 09:36:19 UTC 2008


Just tried this and got the error below

iptables -I PREROUTING -t nat -s 127.0.0.1 -m tcp -p tcp --dport 80 -j REDIRECT --to-destination 192.168.0.80:8080

iptables v1.3.5: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.


Help :-)
Brian


James P. Kinney III wrote:
> Hi Brian,
> 
> It is quite easy to do what you need. The thin clients all run their web
> browser on the server so only the thin client servers need to be
> adjusted. iptables is the correct way to do it because proxy settings in
> user configs can be changed.
> 
> iptables -I PREROUTING -t nat -s 127.0.0.1 -m tcp -p tcp --dport 80 -j REDIRECT --to-destination <ip of proxy>:<port of proxy>
> 
> Repeat that for all other port traffic you need by just changing the 80.
> 
> You can save the final configuration with
> iptables-save > iptables-saved-file
> and restore with
> iptables-restore iptables-saved-file
>
> On Mon, 2008-03-31 at 12:09 +0100, Brian Chivers wrote:
>> I'd like to block all access to the outside network / internet from our thinclients unless they go 
>> via our proxy server. I have installed a global extension for Firefox that has set it up how I 
>> want with proxies and bookmarks etc. for all users, but if you change the connection setting to 
>> "direct" you go straight out, bypassing everything.
>>
>> I could set up our main firewall to block the thinclient server completely, but it is very useful to 
>> have full connectivity on it for things like freenx and updates.
>>
>> Is it possible to set up iptables on the k12ltsp box itself to drop or redirect all connections from 
>> the thinclient side and only allow the important ones for things like the initial booting?
>>
>> I've never played with iptables before, so any useful pointers would be gratefully received.
>>
>> Thanks
>> Brian Chivers
>> Portsmouth College
>>
>> ------------------------------------------------------------------------------------------------
>>     The views expressed here are my own and not necessarily
>>  
>>                 the views of Portsmouth College    
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>
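
Added example, not part of the original thread: the error above arises because the REDIRECT target only accepts --to-ports (and only rewrites to the local machine), while --to-destination belongs to DNAT; in addition, browsers running on the LTSP server generate packets locally, which traverse the nat OUTPUT chain rather than PREROUTING. The sketch below emits a nat ruleset in iptables-restore format using the proxy address from the thread; the function names are hypothetical, and it assumes the proxy runs on a separate host and accepts intercepted (transparent) requests.

```shell
#!/bin/sh
# Added example: prints a ruleset only, nothing is applied to the firewall.

# valid_port N: succeed when N is a decimal integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeed when ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# proxy_nat_rules PROXY_IP PROXY_PORT DPORT...
# Emits one DNAT rule per destination port, wrapped in a *nat section.
proxy_nat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: proxy_nat_rules ip port dport..." >&2; return 2; }
    proxy_ip=$1; proxy_port=$2; shift 2
    # Validate everything before printing, so a bad argument never
    # leaves a half-written ruleset on stdout.
    valid_ipv4 "$proxy_ip"   || { echo "bad proxy address: $proxy_ip" >&2; return 2; }
    valid_port "$proxy_port" || { echo "bad proxy port: $proxy_port" >&2; return 2; }
    for dport in "$@"; do
        valid_port "$dport"  || { echo "bad destination port: $dport" >&2; return 2; }
    done
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for dport in "$@"; do
        # OUTPUT, not PREROUTING: the connections start on this host.
        # DNAT, not REDIRECT: the proxy is another machine.
        echo "-A OUTPUT -p tcp -m tcp --dport $dport -j DNAT --to-destination $proxy_ip:$proxy_port"
    done
    echo 'COMMIT'
}

# Proxy address and port as quoted in the thread; port 80 only.
proxy_nat_rules 192.168.0.80 8080 80
```

Piping this output to iptables-restore replaces the existing nat table, so merge it with any nat rules already in use.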
