forcing a user through squid on local system

Scot L. Harris webid at cfl.rr.com
Mon Nov 8 00:58:42 UTC 2004


On Sun, 2004-11-07 at 12:01, Kumar Swamy wrote:
> Hello,
> 
> This is my first post in this mailing list.
> I have a peculiar problem. The gateway of my small network is a Linux
> box with Squid running in a transparent mode.
> This transparent proxy can force all the systems behind it to go
> through Squid.
> 
> The problem now is to force users working locally on
> the proxy to go through Squid because I cannot give the command:
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
> as the request from Squid also would go through the OUTPUT chain in
> the NAT table.
> Any advice would be helpful.
> 
> TIA.
> Swamy

In most cases the server acting as your proxy should not have any local
users on it.  It should be dedicated to that one function.  This lets
you set up your firewall to only allow http access from the proxy.

-- 
Scot L. Harris
webid at cfl.rr.com

If you sit down at a poker game and don't see a sucker, get up.  You're
the sucker. 
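
One way to avoid the loop described in the quoted question, as an added example that is not part of the original thread: exempt Squid's own outbound requests from the nat OUTPUT redirect with the iptables owner match. It assumes Squid runs under a dedicated account named `squid` and that the kernel provides the owner match; `build_rules`, `apply_rules` and the `APPLY` switch are names made up for this example.

```shell
#!/bin/sh
# Added example: redirect locally generated HTTP to Squid without
# catching Squid's own upstream requests (the loop from the question).
# Assumptions: Squid runs as the account "squid"; port 3128 is from the post.
SQUID_USER="${SQUID_USER:-squid}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the two nat/OUTPUT rules, one per line, after validating input.
build_rules() {
    user="$1"; port="$2"
    # Accept only a plain account name and a numeric port, so nothing
    # unexpected ends up on an iptables command line run as root.
    case "$user" in ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Rule 1: packets from sockets owned by the Squid account leave the
    # nat table untouched, so Squid can reach origin servers directly.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT"
    # Rule 2: every other local process talking to port 80 is sent to Squid.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $port"
}

# Dry run by default; set APPLY=1 (as root) to install the rules.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule || exit 1
        else
            echo "dry-run: $rule"
        fi
    done
}

apply_rules "$SQUID_USER" "$SQUID_PORT"
```

Rule order matters: the exemption has to be appended before the redirect. Any process running under the Squid account, or anyone with root, is not covered by the redirect, which is one reason the reply above recommends a dedicated proxy host.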



