[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] preventing bypass of proxy settings in browsers

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: Re: [Sheflug] preventing bypass of proxy settings in browsers
From: Pete Collier <pecb [at] xxxxxxxxxxxxx>
Date: Wed, 29 Sep 2004 10:30:12 +0100
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.6.2

On Wednesday 29 September 2004 08:35, Alan Pope wrote:
> On Wed, 29 Sep 2004 07:29:52 +0100, Pete Collier <pecb [at] nildram.co.uk> wrote:
> >         I've managed to get dansguardian and local proxy working on my
> > standalone machine. However it is possible for a user to alter their
> > settings in a browser to direct connection instead of proxy. This makes
> > dansguardian ineffective. How do I stop someone from altering the
> > settings to direct connection?
> >
> > Peter C
>
> Block ports on the firewall for traffic originating at the client PCs
> using ports used by proxies, including 80, 1080, 8080, 3128 etc?
>
> That way to get out via http they have to go via your box.
>
> Cheers,
> Al.
I have no other computers connected to mine. It's running Suse 9.1 and I have 
set up 5 accounts/users on it for my 2 lads and the grandchildren. My 
internet searches have shown details for redirecting but seem always to be 
referring to multiple machines, not to one that's on it's own. I've got squid 
on 3128 and dansguardian on 8080 but I've not grasped how to set the firewall 
up to this. Do I edit additional TCP services  in YaST? I've tried 
understanding and editing /etc/sysconfig/susefirewall2, adding the line I saw 
in an example :-
 FW_REDIRECT="10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
but thats not worked. Perhaps 172.20.1.1 should be 172.0.0.1 or am I looking 
in the wrong place?
Peter C
___________________________________________________________________
>
> Sheffield Linux User's Group -
> http://www.sheflug.co.uk/mailfaq.html
>
>   GNU the choice of a complete generation.
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- [Sheflug] preventing bypass of proxy settings in browsers
  - From: Pete Collier
- Re: [Sheflug] preventing bypass of proxy settings in browsers
  - From: Alan Pope

Prev by Date: Re: [Sheflug] preventing bypass of proxy settings in browsers
Next by Date: RE: [Sheflug] preventing bypass of proxy settings in browsers
Previous by thread: Re: [Sheflug] preventing bypass of proxy settings in browsers
Next by thread: RE: [Sheflug] preventing bypass of proxy settings in browsers
Index(es):
- Date
- Thread