Hi all, and thanks for your answers. Sorry for this late reply; only today am I continuing with this problem.

> In general, I think it's much easier to do this sort of thing using a
> separate machine for the firewall/filter/proxy.

Totally all right. But this install is for a school (very small budget), so we can only install 1 server. Sure, a (very) old machine would run fine as proxy/firewall, but for other reasons, I can only install 1 server.

Normally, I use shorewall, but for my tests, I stopped shorewall, flushed all tables and put:
(I have 2 NICs, eth0/net and eth1/lan; on Debian, the squid user is "proxy")

# For fat clients
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# For thin clients
# iptables -A OUTPUT -o eth0 -p tcp --dport www -t nat -m owner --uid-owner root -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --dport www -t nat -m owner --uid-owner proxy -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --dport www -t nat -j REDIRECT --to 3128

And ... it runs well with fat clients but not with the thin ones.

# tail -f /var/log/squid/access.log
1233654616.996 0 192.168.0.252 TCP_DENIED/403 1472 GET http://www.google.com/favicon.ico - NONE/- text/html

I know that I can easily deny access to port 80 and configure Firefox to use the proxy, but I'd really like to successfully install this transparent proxy!

Any ideas?

Manu
