On May 5, 2010, at 9:21 AM, Boniforti Flavio wrote:
> Now some clever users have discovered that they can use foreign external
> proxies to avoid filtering.
>
> What I was thinking to do, is to enable on my firewall LAN-->WAN *only*
> my proxy's IP address, but the question is: how would I have to proceed,
> as the client PCs could still set their proxy settings?!
I'm currently working on a replaceThePIXwithLinux project. What I'm hoping to do is:
This will be the *only* way out of the LAN. This is to be enforced with pieces of wire. If they can get into the WiFi next door, I don't have a solution for that yet.
This box will transparently proxy HTTP by intercepting port 80 (and 443??) and forwarding it to 3128. Squid will be running on the gateway / filter / firewall.
Aside from a few ports (SMTP, POP3, IMAP, DNS, etc. on the DMZ), the LAN won't be able to go anywhere. Except for me, of course; I can go anywhere...
Don't know if this is going to work, but if it does, rules similar to these may solve your problem. With no proxy whinage.
-- Glenn English ghe_at_slsware.com

Received on Wed May 05 2010 - 15:45:35 MDT
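
An added example, not part of the original message or the poster's own rules: a shell function that prints an iptables-restore ruleset for the gateway described above (port 80 redirected to Squid on 3128, a few mail/DNS ports to the DMZ, everything else from the LAN dropped). The interface names, the DMZ and admin addresses, and the MASQUERADE rule are assumptions; Squid's port 3128 is assumed to be configured for interception. Port 443 is not redirected here, since a plain redirect would hand Squid TLS traffic it cannot filter without further setup.

```shell
#!/bin/sh
# Added example: all names and addresses below are constructed assumptions.
# gen_rules LAN_IF WAN_IF DMZ_HOST ADMIN_HOST  -> ruleset on stdout
gen_rules() {
    lan_if=$1; wan_if=$2; dmz_host=$3; admin_host=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The admin host skips interception ("I can go anywhere").
-A PREROUTING -i $lan_if -s $admin_host -j ACCEPT
# Any LAN connection to tcp/80, whatever its destination, lands on Squid.
# A client pointed at an outside proxy on port 80 is therefore still filtered.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Redirected packets arrive on INPUT with destination port 3128.
-A INPUT -i $lan_if -p tcp --dport 3128 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only forwarded LAN traffic: SMTP, POP3, IMAP and DNS to the DMZ host.
-A FORWARD -i $lan_if -d $dmz_host -p tcp -m multiport --dports 25,110,143 -j ACCEPT
-A FORWARD -i $lan_if -d $dmz_host -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -d $dmz_host -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -s $admin_host -j ACCEPT
# Everything else (outside proxies on 3128/8080, tcp/443, ...) hits FORWARD DROP.
COMMIT
EOF
}

# Load as root with:
#   gen_rules eth1 eth0 192.0.2.10 192.168.1.2 | iptables-restore
```
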
This archive was generated by hypermail 2.2.0 : Wed May 05 2010 - 12:00:04 MDT