
Squid + multiuser + firewall


 



I have a network with the computers (for the purposes of this exercise).

Anubis: firewall/gateway
Athena: dual-seat workstation
Selene: four-seat workstation, server, squid box

I want to set up transparent proxying. I don't trust my control over Athena. It can be compromised.

The setup I want:

Anubis sends all requests for port 80 to Selene port 3128.
Selene does the proxy thing, and sends the packet out via Anubis to the www.

So the problem with the above is that I want Anubis to only accept those packets which originate with the proxy user on Selene, not any of the other users on Selene.

I absolutely do not want a user on Athena to be able to get out on the web without going through the proxy, and I am assuming that Athena is compromised.

I can think of a couple of other ways of doing this, but all leave open the possibility of a user on Selene getting out on the web without going through the proxy.

The only way I can think of doing this is to set up Selene as the gateway, have Anubis refuse all connections to port 80 except those originating on Selene, and then firewall the output chain on Selene to only allow the proxy user via the uid option of the owner module.

Is anyone doing this - multiple users on the squid box?

--Yan

--
Yan Seiner
Support my bid for the 4J School Board.
Visit http://www.seiner.com/schoolboard
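
The layout proposed in the message above (Selene as gateway, Anubis passing port 80 only from Selene, Selene's OUTPUT chain restricted with the owner module's uid option), written out as an added example that is not part of the original post. The function names are made up for this example, and the uid, interface name and address are arguments the caller supplies; the `squid` account name in the usage comment is an assumption.

```shell
# Added example: prints iptables-restore input for the two hosts in the post.
# Function names and all argument values are assumptions, not from the post.
# Usage (as root, after sourcing this file):
#   selene_rules "$(id -u squid)" eth1 | iptables-restore
#   anubis_rules 192.0.2.10 | iptables-restore

# selene_rules UID LAN_IF
#   UID    numeric uid Squid runs as
#   LAN_IF interface on Selene that faces Athena
selene_rules() {
    uid=$1 lan_if=$2
    # Refuse a missing or non-numeric uid rather than emit a rule that
    # matches the wrong account.
    case "$uid" in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;; esac
    [ -n "$lan_if" ] || { echo "LAN interface required" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port 80 traffic arriving from the LAN is handed to Squid on 3128.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Routed packets never traverse OUTPUT, so port 80 is refused in FORWARD too.
-A FORWARD -p tcp --dport 80 -j REJECT --reject-with tcp-reset
# Locally generated port 80 traffic: only the proxy uid may leave.
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner $uid -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# anubis_rules SELENE_IP: forward port 80 only when the source is Selene.
anubis_rules() {
    [ -n "$1" ] || { echo "Selene address required" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $1 -p tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp --dport 80 -j DROP
COMMIT
EOF
}
```

The owner match only applies to locally generated packets in OUTPUT, which is why the FORWARD rule on Selene is needed alongside it.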


