Hi,

It seems that the firewall sees all pages as coming from the proxy and thus is allowing everything. You might need to set up another proxy for the intranet and make it a slave to the main proxy, and also put additional access control lists on the local proxy for local web servers. Also set the firewall so that only requests from the local proxy can reach the proxy outside, and that port 80 requests can only go out from the proxy, and that the proxy accepts port 80 requests for the local net.

Other than this, I don't know if IPchains can handle headers of web pages (it would also mean DNS lookups for the firewall). Or you can ask the admin of the main proxy to set up an ACL so that the local net cannot receive any pages cached from local net web servers.

HTH,
Indraneel

On Mon, 12 Mar 2001, XingFei wrote:

> But the real problem is when I set the client machine in the local network
> with a Proxy which is outside of the Linux Firewall, in order to enable
> those consultants to surf the internet. Note the Proxy is in the Big company
> intranet, and even the Linux Firewall should use it as proxy if it wants to
> access the internet.
> I found that the Proxy seemed to have the power to invalidate the rules I have
> set, i.e. those consultants can access the intranet web servers that should be
> forbidden.

--
http://www.indialine.org
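Added example, not part of the original message: a small Python model of why the packet filter cannot enforce the web-server block once clients use the outside proxy, and how the suggested local proxy with its own ACL restores it. All addresses, the proxy port and the function names are assumptions made up for the illustration.

```python
import ipaddress as ip

# Constructed addresses (assumptions, not taken from the thread).
CONSULTANTS = ip.ip_network("192.168.1.0/24")  # local net behind the Linux firewall
INTRANET = ip.ip_network("10.0.0.0/8")         # company intranet
LOCAL_PROXY = ip.ip_address("192.168.1.2")     # proposed proxy on the local net
MAIN_PROXY = ip.ip_address("10.0.0.5")         # existing proxy inside the intranet
WEB_SERVER = ip.ip_address("10.1.2.3")         # intranet web server to protect
PROXY_PORT = 8080                              # assumed proxy listening port

def host(addr):
    """Single-address network, so rules can match one machine."""
    return ip.ip_network(f"{addr}/32")

def firewall(rules, src, dst, dport):
    """First-match packet filter: it only sees addresses and ports,
    never the URL carried inside a proxy request."""
    for r_src, r_dst, r_port, verdict in rules:
        if src in r_src and dst in r_dst and r_port in (None, dport):
            return verdict
    return "DENY"

# Original setup: any client may reach the main proxy; rest of intranet blocked.
ORIGINAL = [
    (CONSULTANTS, host(MAIN_PROXY), PROXY_PORT, "ACCEPT"),
    (CONSULTANTS, INTRANET, None, "DENY"),
]
# Suggested setup: only the local proxy may talk to the main proxy.
SUGGESTED = [
    (host(LOCAL_PROXY), host(MAIN_PROXY), PROXY_PORT, "ACCEPT"),
    (CONSULTANTS, INTRANET, None, "DENY"),
]

def local_proxy_acl(requested_host):
    """ACL on the local proxy, decided on the requested destination
    (given as an IP here; a hostname would need a DNS lookup first)."""
    return "DENY" if ip.ip_address(requested_host) in INTRANET else "ALLOW"

def fetch_via_local_proxy(requested_host):
    """A client request in the suggested setup: ACL first, then the
    firewall sees only local proxy -> main proxy traffic."""
    if local_proxy_acl(requested_host) == "DENY":
        return "DENY"
    return firewall(SUGGESTED, LOCAL_PROXY, MAIN_PROXY, PROXY_PORT)
```

In the original rule set, a request for the intranet web server sent through the main proxy reaches the firewall as a packet addressed to the proxy, so the ACCEPT rule matches and the DENY rule for the web server is never consulted.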