Re: Squid + multiuser + firewall

> I have a network with the computers (for the purposes of this exercise).
>
> Anubis: firewall/gateway
> Athena: dual-seat workstation
> Selene: four-seat workstation, server, squid box
>
> I want to set up transparent proxying.  I don't trust my control over
> Athena.  It can be compromised.
>
> The setup I want:
>
> Anubis sends all requests for port 80 to selene port 3128
> Selene does the proxy thing, and sends the packet out via Anubis to the
> www.
>
> So the problem with the above is that I want Anubis to only accept those
> packets which originate with the proxy user on Selene, not any of the
> other users on Selene.
>
> I absolutely do not want a user on Athena to be able to get out on the
> web without going through the proxy, and I am assuming that Athena is
> compromised.
>
> I can think of a couple of other ways of doing this, but all leave open
> the possibility of a user on Selene getting out on the web without going
> through the proxy.
>
> The only way I can think of doing this is to set up Selene as the
> gateway, have Anubis refuse all connections to port 80 except those
> originating on Selene, and then firewall the output chain on Selene to
> only allow the proxy user via the uid option of the owner module.
>
> Is anyone doing this - multiple users on the squid box?
>
> --Yan
>

Do that port-80 block for all IPs except the proxy.
Use authentication on the proxy.

http://wiki.squid-cache.org/ConfigExamples is a good place to start
looking at how to do auth.

Amos
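
The port-80 restriction discussed in this thread, sketched as iptables rules (an added example, not part of the original messages and not from the Squid project). The address, interface name and the `proxy` account name are assumptions; the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example: egress rules for the Anubis/Selene layout in this thread.
# Dry run by default: commands are printed, not executed.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Assumed values, not taken from the thread:
SELENE_IP="${SELENE_IP:-192.0.2.10}"   # Squid box address (constructed)
WAN_IF="${WAN_IF:-eth0}"               # Anubis's outside interface
PROXY_USER="${PROXY_USER:-proxy}"      # account Squid runs as on Selene

# Run on Anubis (gateway): forward outbound port 80 only when it comes
# from Selene; anything else on the LAN, Athena included, is refused.
anubis_rules() {
    $IPT -A FORWARD -o "$WAN_IF" -p tcp --dport 80 -s "$SELENE_IP" -j ACCEPT
    $IPT -A FORWARD -o "$WAN_IF" -p tcp --dport 80 -j REJECT --reject-with tcp-reset
}

# Run on Selene: locally generated port-80 traffic is allowed only for
# the proxy account. The owner match applies to locally generated packets,
# which is why it sits in the OUTPUT chain.
selene_rules() {
    $IPT -A OUTPUT -p tcp --dport 80 -m owner --uid-owner "$PROXY_USER" -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
}

# Usage: script.sh anubis | script.sh selene
case "${1:-}" in
    anubis) anubis_rules ;;
    selene) selene_rules ;;
esac
```

Rule order matters: the ACCEPT must precede the REJECT in each chain. Only port 80 is covered, as in the thread; other ports need their own rules.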

