[K12OSN] Block internet access on thinclient side

James P. Kinney III jkinney at localnetsolutions.com
Mon Mar 31 11:31:48 UTC 2008 

Hi Brian,

It is quite easy to do what you need. The thin clients all run their web
browser on the server so only the thin client servers need to be
adjusted. iptables is the correct way to do it because proxy settings in
user configs can be changed.

iptables -I PREROUTING -t nat -s 127.0.0.1 -m tcp -p tcp --dport 80 -j
REDIRECT --to-destination <ip of proxy>:<port of proxy>

Repeat that for all other port traffic you need by just changing the 80.

You can save the final configuration with iptables-save >
iptables-saved-file
and restore with iptables-restore iptables-saved-file
On Mon, 2008-03-31 at 12:09 +0100, Brian Chivers wrote:
> I'd like to block all access to the outside network / internet from our thinclients unless they go 
> via the our proxy server. I have installed a global extension for firefox that has setup it up how I 
> want with proxy's and bookmarks etc for all users but if you change the connection setting to 
> "direct" you go straight out bypassing everything.
> 
> I could setup our main firewall to block the thinclient server completely but it is very useful to 
> have full connectivity on it for things like freenx and updates.
> 
> Is it possible to setup the iptables on the k12ltsp box itself to drop or redirect all connects from 
> the thinclient side and only allow the important ones for things like the initial booting ?
> 
> I've never played with iptables before any useful pointers would be gratefully received.
> 
> Thanks
> Brian Chivers
> Portsmouth College
> 
> ------------------------------------------------------------------------------------------------
>     The views expressed here are my own and not necessarily
>  
>                 the views of Portsmouth College    
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the K12OSN mailing list