Hi Stephane, I don't know if you are using kernel 2.4 on your proxy(-machine) but if you are you can use iptables to do this. You can do the following iptables -A SQUID = "your proxy ip":"port http-traffic" (e.g. 192.168.1.1:3128) SQUIDSSL = "your proxy ip":"port SSL" (e.g. 192.168.1.1:3128) iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL Greetings, Nash P.S. I "borrowed this from http://www.securityportal.com/articles/netfilter20010219.html" On Thursday 31 May 2001 11:55, you wrote:
Hi,
We're using squid 2.2.stable5 as proxy on a SuSE 7.0 box and i would like ALL users to go through the proxy... I know we have some users that play with internet and disable their proxy parameters.... how can I ban "direct internet access" so only proxy connections pass through (whatever is configure on users win stations) ?
Regards Stephane
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com