
On 31-May-01 stephane parenton wrote:
We're using squid 2.2.stable5 as proxy on a SuSE 7.0 box and I would like ALL users to go through the proxy... I know we have some users that play with internet and disable their proxy parameters.... how can I ban "direct internet access" so only proxy connections pass through (whatever is configured on users' win stations) ?
One way would be to set up a transparent proxy: You route traffic through the machine that has squid running on it (make it the default gateway) and use a firewall rule that redirects traffic to the squid port, e.g.:

    /sbin/ipchains -A input -i eth0 -p tcp --destination-port 80 -j REDIRECT 3128
    /sbin/ipchains -A input -i eth0 -p tcp --destination-port 443 -j REDIRECT 3128

...assuming that the websites the guys are surfing only use standard http / https ports.

The second thing you have to do is to configure your squid to do http acceleration so that it can handle requests like "http://target.com" instead of "http://target.com@your.proxy.address", which is the default proxy request if I remember correctly. You'll find the detailed setup for that on www.squid-cache.org (look for reverse / transparent / acceleration proxy).
Stephane
Bjoern Engels
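
Added example (not part of the original message and not taken from the Squid documentation): a squid.conf fragment for the http acceleration step described above, using the Squid 2.x httpd_accel_* directives. The LAN range 192.168.1.0/24 and the ACL name "lan" are assumptions; substitute your own.

```conf
# squid.conf fragment for interception with Squid 2.x (added example)

# Port that the firewall REDIRECT rule sends intercepted traffic to.
http_port 3128

# Intercepted requests arrive in origin-server form ("GET /path" plus a
# Host: header) rather than proxy form ("GET http://host/path"), so Squid
# has to rebuild the full URL from the Host: header.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on

# Keep serving browsers that are still explicitly configured to use the
# proxy on port 3128.
httpd_accel_with_proxy on

# Traffic redirected from port 443 is TLS, not plain HTTP, so the URL
# rebuilding above applies to the port 80 redirect only.

# Restrict use of the proxy to the internal network, so the intercepting
# box does not become an open proxy. The range below is an assumption.
# "all" is already defined in the stock squid.conf; it is repeated here
# so the fragment is complete.
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/255.255.255.0
http_access allow lan
http_access deny all
```

Run "squid -k reconfigure" after editing so the running proxy picks up the change.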