Re: [squid-users] iptables to allow squid...

From: Hamish Kibblewhite <kibblew@dont-contact.us>
Date: Mon, 28 May 2001 11:55:02 +1200

Henrik,
many thanks.

>Sure.

>Do you want to do it transparently or simply enforced by blocking direct
>access if not configured to use the proxy?

You have given me some ideas I will follow.

I may try both. In addition I am going to try to use DNAT as well because
it may solve another problem for me. (In addition to looking into proxy
stuff at home I am involved with the local school. They have an ISP that
has provided a Linux box.... They want to block all outbound other than to
the ISP proxy which has some filtering software. Transparent redirection
is my preference. I need to be able to hand the ISP a gift wrapped
solution so all they have to do is implement. If I hand them a couple of
solutions... with the simplest being DNAT or enforced blocking.. then they
are more likely to implement..... Some kiddies changed browser settings
recently to go direct connection to the internet which caused some
concern. The age of the kiddies is 5 years to 10 years (or thereabouts).)

For DNAT I am going to try something along the lines of:

 $IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -i $LOCAL_IFACE_1 \
         -j DNAT --to-destination $ISP_PROXY:$PROXY_PORT

Don't know if that will do the business for me - I'll have to do some
logging in iptables to see if it does. It has been a steep learning curve
for iptables and squid over the past weekend.

So in summary. I will try your suggestions. As well as the DNAT. I now
have more options to try. Thanks.
and regards,
Hamish Kibblewhite
Received on Sun May 27 2001 - 17:54:49 MDT
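
The two options discussed in this message, enforced blocking and DNAT with logging, as an added example that is not part of the original post. The interface name, the proxy address (a documentation placeholder), the port and the log prefixes are assumptions; by default the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original message. Interface, proxy address,
# port and log prefixes are constructed placeholders.
LOCAL_IFACE_1="${LOCAL_IFACE_1:-eth1}"   # LAN-facing interface (assumed)
ISP_PROXY="${ISP_PROXY:-192.0.2.10}"     # placeholder documentation address
PROXY_PORT="${PROXY_PORT:-3128}"         # assumed proxy port
# Dry run by default: rules are printed, not applied.
# Run as root with IPTABLES=iptables to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

# Option A: enforced blocking. Browsers must be configured to use the proxy;
# everything else leaving the LAN is logged (rate limited) and rejected, so
# changing the browser to "direct connection" no longer gets out.
enforce_proxy_only() {
    $IPTABLES -A FORWARD -i "$LOCAL_IFACE_1" -p tcp \
        -d "$ISP_PROXY" --dport "$PROXY_PORT" -j ACCEPT
    $IPTABLES -A FORWARD -i "$LOCAL_IFACE_1" -m limit --limit 5/min \
        -j LOG --log-prefix "outbound-blocked: "
    $IPTABLES -A FORWARD -i "$LOCAL_IFACE_1" -j REJECT
}

# Option B: DNAT. Port-80 connections from the LAN are rewritten to the
# proxy. The LOG rule comes first because DNAT ends PREROUTING traversal;
# the nat table only sees the first packet of each connection, so this
# logs one line per redirected connection.
dnat_to_proxy() {
    $IPTABLES -t nat -A PREROUTING -i "$LOCAL_IFACE_1" -p tcp --dport 80 \
        -j LOG --log-prefix "dnat-to-proxy: "
    $IPTABLES -t nat -A PREROUTING -i "$LOCAL_IFACE_1" -p tcp --dport 80 \
        -j DNAT --to-destination "$ISP_PROXY:$PROXY_PORT"
}

# DNAT happens before FORWARD, so redirected packets already carry the
# proxy as destination and pass the ACCEPT rule in enforce_proxy_only.
case "${1:-}" in
    block) enforce_proxy_only ;;
    dnat)  dnat_to_proxy ;;
    both)  dnat_to_proxy; enforce_proxy_only ;;
    *)     echo "usage: $0 block|dnat|both" >&2 ;;
esac
```

With DNAT the browser does not know a proxy is involved and sends ordinary origin-server requests, so the proxy has to be configured to accept intercepted traffic.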
