Re: [seul-edu] (FWD) ipchains with squid (Re: What we're doing ...)

[sala@cbint.org]

Roger Dingledine escribió:
> 
> ----- Forwarded message from owner-seul-edu@seul.org -----
> 
> Date: Mon, 12 Jun 2000 14:36:13 -0700
> From: "Daniel P. Kionka" <dan@kionka.org>
> To: seul-edu@seul.org
> How do you use ipchains to force using a proxy?  Someone earlier
> mentioned it could be done, and made it sound simple, but when I tried
> it, all network support stopped and I had to go to the console to fix
> it.
> 
> What I have now is the basic MASQ setup.  I manually set the squid
> proxy, but that can easily be undone.
> 
> Is the key to it blocking all outgoing traffic using port 80?  What if
> the web site uses 8080?  Instead of blocking, can you redirect it to the
> squid port?
> 
> Dan
> 

Well, basically you set a REDIRECT rule. Here's a snip from the
firewalling rules i posted a while ago here (i'll send them to you by
mail if you want, but they must be in this/last month's seul-edu list
archives):

/sbin/ipchains -A input -j REDIRECT 3128 -i $INTIF -p tcp -s $INTLAN -d
$INTLAN www $LOGGING

where $INTIF is the internal network's interface (usually is one of the
eth's), $INTLAN is the internal network (here is 192.168.0.0/24) and
$LOGGING is just "-l" that indicates squid that every redirect should be
logged (i turn that off in mine because it usually can make the logs
grow a lot, i leave that to squid's access.log)


----------------------------------
Jaime Herazo B.
Colegio Cristiano J. Vender Murphy
----------------------------------