spikes said:
> On 11/20/2003 2:56 PM, Francis D. Dimzon wrote:
>> Hello guys!
>>
>> I enabled NAT in my gateway/proxy. Now users/students can browse the net
>> if they bypass the proxy (direct connection to the internet).
>> How do I set up iptables rules to get around this?
>> I need to proxy so that I can control which machines will have net
>> connection.
>>
>> Please help...
>
> You can also try transparent proxying so there'll be no changes in
> client configurations.

Err, I think what he is trying to do is to mandate all users to use the proxy and not route themselves directly to the internet by using the gateway as their default gw, right?

Well, if that's the case, you could tell iptables to drop all packets that are not from trusted hosts. Example: if the proxy server (trusted host) hw address is 11:22:33:44:55:66, add to the input chain of iptables 'iptables -I INPUT -m mac ! --mac-source 11:22:33:44:55:66 -j DROP'; this will drop all packets that are not from the proxy server.

Hope this helps.

Cheers,

--
"#include <stdio.h>"
Marc Henry Galang
winmarctechnologies.com.ph
www.free.net.ph/Members/marc
Google: "Marc Henry Galang"
MD5 Signature = 904a13d379c58ec8ea964bbbf0a5e55c
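Added example, not part of the original messages: a shell function that prints (but does not apply) iptables commands combining the transparent-proxy and MAC-matching ideas from this thread, so only listed machines reach the proxy and nothing from the LAN is forwarded directly. The interface name eth1, proxy port 3128, the second MAC address, and the assumption that clients resolve DNS through the gateway itself are illustrative and do not come from the thread.

```shell
# Added example: prints iptables commands for review; it does not apply them.
# Assumptions (not from the thread): LAN interface eth1, proxy listening on
# port 3128 on the gateway, clients resolve DNS via the gateway itself.

valid_mac() {
    # Six colon-separated hex octets; dotted or truncated forms are rejected.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

gen_rules() {
    # usage: gen_rules LAN_IF PROXY_PORT ALLOWED_MAC...
    [ "$#" -ge 3 ] || { echo "usage: gen_rules LAN_IF PROXY_PORT MAC..." >&2; return 2; }
    lan_if=$1; proxy_port=$2; shift 2
    # Validate everything first so a typo never yields a partial ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }
    done
    for mac in "$@"; do
        # Allowed machine: its web traffic is transparently sent to the proxy,
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -m mac --mac-source $mac -j REDIRECT --to-ports $proxy_port"
        # and it may reach the proxy port (redirected packets arrive on INPUT).
        echo "iptables -A INPUT -i $lan_if -p tcp --dport $proxy_port -m mac --mac-source $mac -j ACCEPT"
    done
    # Every other machine is refused at the proxy port ...
    echo "iptables -A INPUT -i $lan_if -p tcp --dport $proxy_port -j DROP"
    # ... and nothing from the LAN is routed straight to the internet.
    echo "iptables -A FORWARD -i $lan_if -j DROP"
}

# Constructed sample MAC addresses for illustration.
gen_rules eth1 3128 11:22:33:44:55:66 00:16:3e:aa:bb:cc
```

The mac match only works in the PREROUTING, INPUT and FORWARD chains, and a MAC address can be changed by the client, so this limits casual bypass rather than a determined user.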
