
Filtering a web site returned from a Proxy

To: netfilter@lists.netfilter.org
Subject: Filtering a web site returned from a Proxy
From: Tolga Onbay <tolgaonbay@yahoo.com>
Date: Tue, 19 Dec 2006 06:53:52 -0800 (PST)

Hi,

I installed a firewall running on Linux in the summer. On the firewall server, content filtering and a proxy are running. P2P and IM programs are also blocked with l7-filter. And there is a rule that sends all HTTP connections to the content filtering software. I think this is a transparent proxy. :) The rule is as below:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Anyway, the users found another gap in the system: now they can connect to any web site through free or university proxies. At first I found a solution: if I send connections on the proxy's port to the content filtering software, the content filtering software can handle this. But there are 65534 ports to forward. :)

Then l7-filter saved me one more time. Now I send connections that have a destination port other than 80 and protocol HTTP to the content filtering software. It is OK so far. But the connections are being made directly with the firewall (not connecting to the desired proxy). The users on the network want to connect to the proxy because they want to do research in libraries that are only accessible via the university proxy.

I mean I have to send the proxy connections to the proxy, and the returned data must be filtered via the content filtering software. The diagram of this situation is:

Host --> Firewall --> Content Filtering Software --> Proxy --> Proxy of University --> Http Server --> Proxy of University --> Proxy --> Content Filtering Software --> Firewall --> Host

But the system is running as follows (defining a proxy in the browser doesn't matter):

Host --> Firewall --> Content Filtering Software --> Proxy --> Http Server --> Proxy --> Content Filtering Software --> Firewall --> Host

Thanks for your help
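Added example, not part of the original post: a request sent to an explicit proxy carries an absolute URL (or CONNECT) in its request line, while a request sent straight to a web server carries only a path, so an intercepting filter can tell the two apart and keep the proxy the client dialled as the next hop, as in the first diagram. The function names, the sample addresses and the idea that the interceptor can recover the pre-REDIRECT destination are assumptions of this sketch.

```python
# Added example, not from the original post. All sample values are constructed.
from urllib.parse import urlsplit


def request_form(request_line):
    """Classify an HTTP/1.x request line.

    Returns (form, authority): form is 'absolute' (sent to an explicit
    proxy), 'connect' (tunnel request to a proxy), 'origin' (sent straight
    to a web server) or 'other'; authority is the host[:port] named in
    the request target, when there is one.
    """
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("other", None)
    method, target, _version = parts
    if method.upper() == "CONNECT":
        return ("connect", target)
    if target.startswith("/"):
        return ("origin", None)
    url = urlsplit(target)
    if url.scheme.lower() in ("http", "https") and url.netloc:
        return ("absolute", url.netloc)
    return ("other", None)  # e.g. "OPTIONS * HTTP/1.1"


def next_hop(request_line, orig_dst):
    """Choose where the filter should send an intercepted request.

    orig_dst is the (ip, port) the client dialled before REDIRECT rewrote
    it. Assumption: the interceptor can recover it (on Linux, redirected
    sockets expose it through the SO_ORIGINAL_DST socket option).
    """
    form, _authority = request_form(request_line)
    if form in ("absolute", "connect"):
        # The client was talking to a proxy: keep that proxy in the chain
        # instead of fetching the URL directly from the origin server.
        return ("parent-proxy", orig_dst)
    if form == "origin":
        return ("origin-server", orig_dst)
    return ("reject", None)


if __name__ == "__main__":
    # Constructed sample: a browser configured to use a proxy on port 3128.
    line = "GET http://library.example.edu/journal HTTP/1.1"
    print(request_form(line), next_hop(line, ("192.0.2.10", 3128)))
```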

