>....... I can do direct proxying if I specify the proxy server on a machine,
>this works. But it will be tedious to upgrade all desktops to do this
>and not to mention complaints if someone tampers with it or why this
>needs to be done or new machines being added.......
I understand your problem. In case you don't get transparency working, here is a
workaround that I use.
On your bastion router, set ipgate=off, i.e. leave no route between the secure and
non-secure NICs. Packets cross the gap only if Squid hands them across. Then, proxy
setup is just part of setting up a workstation, and if users alter the settings then they
cannot browse the web. If you need other internet services you will need proxies for them
too.
John Sutherland
Phone & Fax +61 2 4683 1511
9 Meryla Street, Couridjah NSW 2571 Australia
Received on Mon May 30 2005 - 13:40:01 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT