I believe in the squid configuration file you can limit who can talk to
the squid to a single network or ip. ( I know the single network works).
so, if you use ip_alias to configure your ethernet to be 172.16.31.1
and only enable 172.16.31.x network to talk to it, then if you put in your
/etc/hosts file
172.16.31.1 squid_local
and then tell junkbuster to go throught 172.16.31.1 for its internet
access, then it should hide the 3128 from the network.
bug
On Wed, 4 Aug 1999, Steve Philp wrote:
> Hello all!
>
> I'm having a problem that maybe someone here can help me with...
>
> I've setup a proxy server running Junkbuster and Squid for Internet
> access from our corporate network.
>
> Direct Internet access is forbidden by the router, allowing only traffic
> which comes from the proxy server. Clients are expected to talk to the
> Junkbuster proxy in order to reach the Internet (this allows us to
> filter and block extremely easily). The Junkbuster proxy talks to the
> Squid proxy to cache all requests.
>
> All of this is working fine, and I'm extremely happy with the "useless
> box in the closet" as it was known prior to its new Linux life.
>
> Our problem comes here:
>
> _IF_ our clients leave the proxy configured as we set it, they talk to
> Junkbuster and get filtered access to the net. However, they _could_
> change the port from 8000 to 3128 and talk to Squid instead, yielding
> unfiltered access.
>
> Does anyone know of a way to limit Squid so that it will only talk to
> Junkbuster? I'd like to simply throw an error page if someone tries to
> talk to Squid directly.
>
> Any hints would be extremely appreciated!
>
> --
> Steve Philp
> Network Administrator
> Advance Packaging Corporation
> [EMAIL PROTECTED]
>
