[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] preventing bypass of proxy settings in browsers
On Wednesday 29 September 2004 08:35, Alan Pope wrote:
> On Wed, 29 Sep 2004 07:29:52 +0100, Pete Collier <pecb [at] nildram.co.uk> wrote:
> > I've managed to get dansguardian and local proxy working on my
> > standalone machine. However it is possible for a user to alter their
> > settings in a browser to direct connection instead of proxy. This makes
> > dansguardian ineffective. How do I stop someone from altering the
> > settings to direct connection?
> >
> > Peter C
>
> Block ports on the firewall for traffic originating at the client PCs
> using ports used by proxies, including 80, 1080, 8080, 3128 etc?
>
> That way to get out via http they have to go via your box.
>
> Cheers,
> Al.
I have no other computers connected to mine. It's running Suse 9.1 and I have
set up 5 accounts/users on it for my 2 lads and the grandchildren. My
internet searches have shown details for redirecting but seem always to be
referring to multiple machines, not to one that's on it's own. I've got squid
on 3128 and dansguardian on 8080 but I've not grasped how to set the firewall
up to this. Do I edit additional TCP services in YaST? I've tried
understanding and editing /etc/sysconfig/susefirewall2, adding the line I saw
in an example :-
FW_REDIRECT="10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
but thats not worked. Perhaps 172.20.1.1 should be 172.0.0.1 or am I looking
in the wrong place?
Peter C
___________________________________________________________________
>
> Sheffield Linux User's Group -
> http://www.sheflug.co.uk/mailfaq.html
>
> GNU the choice of a complete generation.
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.