Mon Sep 15 18:45:35 NZST 2003
> RH 9, running squid and Dan's Guardian.
> How to block port 80?
> Students are bypassing squid and getting straight out to the net.
> IPchains was set up originally, but has lost its settings and now does
> not want to work.
Red Hat Linux 9 uses the 2.4 series kernel, which uses iptables for its
firewalling. (ipchains was used in 2.2 kernels, and while support for
it can be compiled in, it's recommended that people use iptables.)
You need to block port 80 on the gateway machine, which I assume is
already running a firewall of some sort to masquerade (and is also
running squid). If not, the advice might need to be modified slightly.
The simplest way is much like:
# iptables -A FORWARD -i $INTIF -p tcp --dport 80 -j REJECT
Replace $INTIF with eth0, etc, for the interface of your internal
You might also want to look at using DNAT to redirect anything that
isn't from the squid machine, to the squid port. That way even if
people don't use the proxy, they're using the proxy. (Which is also
Matthias's suggestion (which arrived while I was writing mine)):
# iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 \
-j REDIRECT --to-port 3128
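
An added example (not part of the original post): a shell function that reads `iptables-save` output and reports whether direct port 80 traffic from the internal interface is redirected to squid, blocked, or still open. The function name `audit_port80`, the interface `eth1` and both sample rulesets are constructed for illustration; it only considers rules that name TCP port 80 explicitly and does not model broader rules earlier in a chain.

```shell
# Usage: iptables-save | audit_port80 <internal-if> <squid-port>
# Prints "redirected", "blocked" or "open" for TCP port 80 from that interface.
audit_port80() {
    awk -v intif="$1" -v port="$2" '
    # Value following option "name" on the current rule line, or "" if absent.
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
    $1 != "-A" { next }                     # skip chain policies and COMMIT
    {
        # Only rules for TCP port 80 on the internal interface (or any interface).
        if (opt("-p") != "tcp" || opt("--dport") != "80") next
        if (opt("-i") != "" && opt("-i") != intif) next
        target = opt("-j")
        # The first matching rule in each chain decides the outcome there.
        if (table == "nat" && $2 == "PREROUTING" && nat == "")
            nat = (target == "REDIRECT" && opt("--to-ports") == port) ? "redirected" : "other"
        if (table == "filter" && $2 == "FORWARD" && fwd == "")
            fwd = (target == "REJECT" || target == "DROP") ? "blocked" : "other"
    }
    END {
        if (nat == "redirected") print "redirected"
        else if (fwd == "blocked") print "blocked"
        else print "open"
    }'
}

# Constructed sample (not from the post): redirect rule present, eth1 internal.
SAMPLE_REDIRECT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
# Constructed sample: masquerading only, so clients can still bypass the proxy.
SAMPLE_OPEN='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_REDIRECT" | audit_port80 eth1 3128   # redirected
printf '%s\n' "$SAMPLE_OPEN" | audit_port80 eth1 3128       # open
```

Running it from cron against the live `iptables-save` output would flag the case in the original question, where the firewall rules were lost and port 80 became reachable again.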
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.