[ Apologies for the delay, Rob. ] --- Rob Keeling <rob@rjkeeling.freeserve.co.uk> wrote:
> The structure goes something like this. External if is connected to our school network, on a 10.4. address.
10.4.X external, eh?
> On the external interface we will have a switch, connecting to multiple laptops (which we can't change the settings on). I had thought of using NAT and a different IP range for the laptops assigned by DHCP.

Yup, that'd make life slightly easier in terms of packet filtering, I suppose. Are you still wanting to go down the IPTables route, or are you still open for ideas? The reason I ask is that, based on what you've said here, it might be "better" to use a dedicated firewall machine -- say, IPCop (some would say use "Smoothwall", but I have my reasons as to why *I* personally don't recommend it). You might find it more beneficial that way. I also hear their web interface is quite friendly. If you still want to try IPTables, I can rustle some examples up for you, if you like. I'm deliberately holding out until I know the direction you want to take, Rob.
> Our internal mail server (mail) could easily forward the mail traffic

Yes, it could. Just make sure that if that's NATting, and you have no subdomains that explicitly require their own mail domain, that they don't get lost. But I wouldn't imagine you do.

> on, and we already have a local squid cache that I could copy the config of to create a transparent proxy, however the squid faq says you can't transparent proxy https.

Just so we're clear in the above, I assume you mean "https://" as a protocol, and not "http's" (many http requests)?

> Does that help describing the problem?
Yes.

-- Thomas Adam
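For reference, an added iptables example for the setup Rob describes (not from the thread itself, and not one of the examples Thomas offers): laptops NATted out through the firewall, plain HTTP redirected to the local Squid as a transparent proxy, and HTTPS deliberately left to ordinary NAT, since, as the Squid FAQ quoted above says, it cannot be transparently proxied. Interface names, the laptop subnet and the Squid port are assumptions; by default the script prints the rules for review and only applies them when run with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed values, not stated by Rob:
EXT_IF="${EXT_IF:-eth0}"          # towards the 10.4.x school network
INT_IF="${INT_IF:-eth1}"          # towards the switch with the laptops
LAN="${LAN:-192.168.10.0/24}"     # range handed out to the laptops by DHCP
SQUID_PORT="${SQUID_PORT:-3128}"  # Squid's listening port on this box

# Unless APPLY=1 is set, the rules are printed rather than applied, so the
# rule set can be reviewed before it touches a live firewall.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

apply_rules() {
    # Default-deny forwarding; only traffic from the laptop range gets out,
    # and only replies to it get back in.
    ipt -P FORWARD DROP
    ipt -A FORWARD -i "$INT_IF" -s "$LAN" -o "$EXT_IF" -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Transparent proxy: plain HTTP (port 80) from the laptops is redirected
    # to the Squid running on this firewall.
    ipt -t nat -A PREROUTING -i "$INT_IF" -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # HTTPS (443) is deliberately NOT redirected: Squid cannot transparently
    # proxy TLS without breaking the certificate check, so it is simply NATted
    # out along with everything else the FORWARD chain allows.
    ipt -t nat -A POSTROUTING -s "$LAN" -o "$EXT_IF" -j MASQUERADE
}

# Review helper: does the generated rule set redirect the given TCP port?
redirects_port() {
    apply_rules | grep -q -- "--dport $1 .*-j REDIRECT"
}

apply_rules
```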