Tue Sep 16 09:30:30 NZST 2003
> RH 9, running squid and Dan’s Guardian.
> How to block port 80?
> Students are bypassing squid and getting straight out to the net.
> IPchains was set up originally, but has lost its settings and now does
> not want to work.

Is there any reason your internal machines need to connect to the
Internet direct? You want to enforce proxy usage for web/ftp traffic,
are there any legitimate reasons internal machines will have for
directly traversing your border?

If not, don't set a default route, and don't forward packets for those
machines. This has the added bonus of stopping any virus propagation (if
an internal machine gets infected, it won't start connecting to a zillion
random hosts on the Internet as it doesn't have a default route!).

I do this at one school and it works fine. We have internal mail, and the
only valid Internet-bound traffic from any of the machines is http/ftp.
It also stops people using kazaa or instant messenger (until they work
out to use http proxies for those things, anyway).
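
The setup described in the reply above, as an added example that is not part of the original post: commands that turn off forwarding on the proxy box, plus checks that a host has no default route and that the gateway is not routing. It assumes Linux hosts with iptables; the function names and sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux hosts with iptables;
# function names and sample data are constructed for illustration.

# Commands for the proxy/gateway box: stop routing for the LAN entirely.
# Prints only; review, then pipe to "sh" as root to apply.
gateway_rules() {
    cat <<'EOF'
sysctl -w net.ipv4.ip_forward=0
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
EOF
}

# Reads a routing table on stdin ("ip route show" or "route -n" format).
# Exit status 0 if a default route is present, 1 if not.
has_default_route() {
    awk '$1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0") { found = 1 }
         END { exit !found }'
}

# $1 = routing table text. Reports whether the host can reach beyond its subnet.
audit_client() {
    if printf '%s\n' "$1" | has_default_route; then
        echo "FAIL: default route present"
    else
        echo "OK: no default route"
    fi
}

# $1 = contents of /proc/sys/net/ipv4/ip_forward on the gateway.
audit_gateway() {
    if [ "$1" = "0" ]; then echo "OK: forwarding off"
    else echo "FAIL: forwarding on"; fi
}

# Constructed sample routing tables (not captured from a real host).
SAMPLE_OPEN='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
default via 192.168.1.1 dev eth0'
SAMPLE_LOCKED='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
SAMPLE_ROUTE_N='192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

audit_client "$SAMPLE_OPEN"
audit_client "$SAMPLE_LOCKED"
audit_client "$SAMPLE_ROUTE_N"
audit_gateway 1
```

On a live host, feed the checks real state: `ip route show | has_default_route` and `audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)"`.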
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.