Thanks Henrik for responding. So, with this iptables command, my users will
not be able to go to say www.msn.com unless they have the proxy server and
port number I tell them mentioned in the connection section of their browser
(for IE) and proxy section in the Netscape browser? Port 80 is all I need to
restrict them to use the browser for direct access to the Web?

Henrik Nordstrom wrote:
> Firewalling.
>
> iptables -A FORWARD -p tcp --dport 80 -j REJECT --reject-with tcp-reset
>
> Regards
> Henrik
>
> Thu 2002-11-07 at 18.21, shaheen@OpenNetbd.com wrote:
> > Hi, I am seeing some users are bypassing the squid proxy servers by
> > going directly to the net. Any way to restrict this? They simply do not
> > have the proxy server mentioned in their browser and using the proxy
> > server as their default gateway (which has 2 NICs, one pvt other
> > public).
> >
> > I am running 2.4STABLE7 of SQUID on RH 7.3 and have the following
> > iptables commands in my rc.local file.
> >
> > /sbin/iptables -t nat -P POSTROUTING DROP
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Received on Thu Nov 07 2002 - 11:08:25 MST
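
An added example, not part of the original thread: a shell sketch of the FORWARD reject rule discussed above, plus a check that reads a saved `iptables -S FORWARD` listing and reports which ports have no reject rule. The function names, the `IPT` dry-run variable, `eth1` as the inside interface and port 443 in the sample check are assumptions for illustration; the rule listing is constructed.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not executed.
# To apply for real, run as root with IPT=/sbin/iptables.
IPT="${IPT:-echo iptables}"
# Assumption: eth1 is the private (LAN) NIC; the thread only names eth0,
# the interface used for MASQUERADE.
LAN_IF="${LAN_IF:-eth1}"

# Reject routed client -> Internet TCP connections to each given port.
# Only forwarded packets are matched: browser -> Squid traffic arrives on
# INPUT and Squid's own outbound requests leave through OUTPUT, so users
# with the proxy configured keep working.
block_direct() {
    for port in "$@"; do
        $IPT -A FORWARD -i "$LAN_IF" -p tcp --dport "$port" \
            -j REJECT --reject-with tcp-reset
    done
}

# Read a rule listing in "iptables -S FORWARD" format on stdin and print
# every requested port that has no TCP REJECT rule in FORWARD.
# The trailing space after the port keeps 80 from matching 8080.
missing_blocks() {
    rules=$(cat)
    for port in "$@"; do
        printf '%s\n' "$rules" |
            grep -Eq -- "^-A FORWARD .*-p tcp .*--dport $port .*-j REJECT" ||
            printf '%s\n' "$port"
    done
}

# Show the command for the port named in the thread.
block_direct 80

# Constructed listing: only port 80 is covered, so 443 is reported.
missing_blocks 80 443 <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
EOF
```

On a live gateway, feed the check with `iptables -S FORWARD | missing_blocks 80` after applying the rule.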