On Wed, 03 Jan 2007 13:18:47 -0500
Jeffrey Ross <jeff@xxxxxxxxxx> wrote:

> Kevin Kempter wrote:
> > Hi List I have FC6, FC5, CentOS and Mepis boxes in my network. I have a proxy
> > which filters web access. I want to be able to force the entire network to
> > use the proxy. Currently I've simply gone to firefox and added the proxy to
> > the connection settings - however any user could change this back to direct
> > connection if they wanted to...
> >
> > How can I force the network for each box to use the proxy and basically not
> > work at all if the user tries to use a direct connection to the internet?
> >
> >
> > Thanks in advance
> >
> >
> Can you set your router/gateway to refuse web connections from any
> device other than your proxy server?

Most web sites use tcp port 80 (and 8080 and also the https:// service
ports)

You can also use the masquerading and transparent proxy features in the
kernel to do this transparently. One other thing you need to do to make
this foolproof is to ensure the proxy talks to the firewall by a
different network cable to the clients so that they can't impersonate
the proxy.

Alan
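
The gateway-side setup discussed in this thread, as an added example that is not part of the original messages: a shell script that prints iptables rules which refuse web traffic from anything but the proxy, drop packets claiming the proxy's address on the client cable, and redirect port 80 to the proxy. The interface names, addresses and proxy port are constructed placeholders, and the redirect assumes the proxy is configured to accept intercepted traffic.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1 as root, install) gateway rules that
# make the proxy the only path to the web. All interface names, addresses and
# the proxy port are constructed placeholders, not values from the thread.
WAN_IF=${WAN_IF:-eth0}              # uplink to the internet
LAN_IF=${LAN_IF:-eth1}              # cable the clients sit on
PROXY_IF=${PROXY_IF:-eth2}          # separate cable used only by the proxy
PROXY_IP=${PROXY_IP:-192.168.2.10}  # proxy address on that cable
PROXY_PORT=${PROXY_PORT:-3128}      # port the proxy listens on
WEB_PORTS=${WEB_PORTS:-80,443,8080} # ports treated as "web"

gen_rules() {
    web="-p tcp -m multiport --dports $WEB_PORTS"
    cat <<EOF
# The proxy's address must never show up on the client cable: drop it first,
# before the conntrack rule, so a spoofed packet cannot ride an existing flow.
iptables -A FORWARD -i $LAN_IF -s $PROXY_IP -j DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Web traffic may leave only from the proxy, and only via the proxy's own cable.
iptables -A FORWARD -i $PROXY_IF -s $PROXY_IP -o $WAN_IF $web -j ACCEPT
# Clients may talk to the proxy itself.
iptables -A FORWARD -i $LAN_IF -o $PROXY_IF -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
# Direct web connections from clients are refused at once (TCP reset).
iptables -A FORWARD -i $LAN_IF -o $WAN_IF $web -j REJECT --reject-with tcp-reset
# Transparent mode: plain HTTP from clients is rewritten to the proxy.
# HTTPS is not redirected here; browsers reach it through the proxy setting.
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT
# Masquerade what is allowed out behind the gateway's public address.
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 feeds the generated commands to a shell.
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Traffic on other ports is left to the gateway's existing FORWARD policy; review the printed rules before running with APPLY=1.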