D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Locking down Gnome on Debian 3.1

 

Tom Brough wrote:

Rob Beard wrote:

John Botwright wrote:

Rob Beard <rob@xxxxxxxxxxxxxxxxxxxxxx> wrote on 05.10.10 20:35:
...
I also noticed that at the moment they can disable the proxy server if they go into the settings, I remember a few years back there was a way of locking down Netscape in Windows, although I can't find much on Linux for Firefox and I wouldn't know where to start with the source code :-o


...

Hi Rob. You'll be pleased to hear that no source is needed.
You can set up your firewall to only allow web access via the proxy. The clients need no modification.

Cheers,
John

John,

Do you know how I can do this? I'm a novice when it comes to the firewall on Linux.

Rob


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html

IIRC :-

Enable your web proxy on your firewall and tick the "transparent" box. If the client machine goes straight out to the world on the http / https port then the firewall detects this an redirects the traffic back to the proxy (usually squid) which then processes it appropriately . If they have the auto detect option set for their browsers proxy settings or you have given specific entries to point directly to the proxy then they will go directly to the proxy server on the firewall (which will save some redirection time). So whatever the little bas.... angels get up to they have no option but to go through the proxy.

But then again I'm no expert on these things either.

Tom.

I'm guessing I could setup a DHCP option for proxy server?

I'll take a look, I did another search today, specific to my proxy server which is running Squid and Dans Guardian on an SME Server box. It appears there are some firewall rules on it which can deny outside net access and setup the transparent proxy.

Rob


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html