University Crest

[wlug] port 80

 
wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Craig Box craig@d...
Mon Sep 15 18:45:35 NZST 2003


> RH 9, running squid and Dan’s Guardian.
> 
> How to block port 80?
> 
> Students are bypassing squid and getting strait out to the net.
> 
> IPchains was set up originally, but has lost it settings and know does
> not want to work.

Hi Terry

Red Hat Linux 9 uses the 2.4 series kernel, which uses iptables for its
firewalling.  (ipchains was used in 2.2 kernels, and while support for
it can be compiled in, it's recommended that people use iptables.)

You need to block port 80 on the gateway machine, which I assume is
already running a firewall of some sort to masquerade (and is also
running squid).  If not, the advice might need to be modified slightly.

The simplest way is much like:

# iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REJECT

Replace $INTIF with eth0, etc, for the interface of your internal
network.

You might also want to look at using DNAT to redirect anything that
isn't from the squid machine, to the squid port.  That way even if
people don't use the proxy, they're using the proxy.  (Which is also
Matthias's suggestion (which arrived while I was writing mine)):

# iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 \
  -j REDIRECT --to-port 3128

Craig




More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato