pages from exactly which network do you want to stop from reaching the localnet ? If you want pages from the company network to stop reaching the localnet simply put a proxy on the gateway of the localnet. this machine must not cache or send requests for any pages on any server in the company network. ie this proxy asks the company proxy for pages but if the page is on a machine with company IP, it is not requested and you get an access denied error. for this to occur this local proxy must do the DNS lookups itself and not pass them to the upstream proxy. Also the localnet must not be able to access the external proxy or other web servers directly so block that on the gateway of the localnet. Only the proxy on the localnet gateway/firewall should be able to connect to the external proxy. HTH, Indraneel On Mon, 12 Mar 2001, XingFei wrote: > I am sorry that my illustration maybe a little bit confused > > Actually, the internal interface of the firewall is 192.168.1.1, which will > be set as default gateway in the local machine > > and the external interface of the firewall is 129.249.178.50, which can be > routed to the Company Proxy server 129.249.213.100. > > the key problem is , whether I add own proxy in the local network or not, > all the HTTP request to the internet must though the Company Proxy server > > I have been bogged down on the question -- http://www.indialine.org - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
