A long time ago, in a galaxy far, far way, someone said... > Well I want to filter what is allowed to be accessed. I noticed that when I > choose not to use a proxy in IE I still cann access the web. Is there a > way to stop access to the web unless they use the proxy ?
You want what's called a transparent proxy. To set one up, you set the router/firewall that's protecting your internal network to redirect almost any outgoing connection on port 80 to the web proxy software. I say almost because the proxy software itself needs unrestricted access to port 80. These are the firewall rules I run with kernel 2.2 (the squid cache is on port 3128 of the firewall): ipchains -A input -d 127.0.0.1 80 -p tcp -j ACCEPT ipchains -A input -d 172.16.2.1 80 -p tcp -j ACCEPT ipchains -A input -s 172.16.2.0/24 --dport 80 -p tcp -j REDIRECT 3128 Check the manpage of 'ipchains' for more details on the REDIRECT target. -- ---------------------------------------------------------------------- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien