[K12OSN] Locking Down Firefox

James P. Kinney III jkinney at localnetsolutions.com
Thu Oct 5 13:17:49 UTC 2006


On Wed, 2006-10-04 at 13:23 -1000, R. Scott Belford wrote:
> James P. Kinney III wrote:
> 
> > Ah! Hormones do drive a certain level of tech savvy. :)
> > 
> > A better work around is to force ALL web traffic through the gateway to
> > go through the squidguard/dansguardian filter using iptables trickery.
> > The kids at the terminals can't monkey with that. 
> 
> Thanks, James.  My K12LTSP server is also the squidguard/dansguardian 
> filter.  I thought that the transparent-proxy-dg package was doing this.
> 
> > 
> > iptables -A PREROUTING -p tcp -m tcp ! -d <your IP address scheme>/<your
> > net mask> -i <your incoming ethx device> --dport 80 -j REDIRECT
> > --to-port 3128
> 
> So, I have typed the following at the terminal
> 
> iptables -A PREROUTING -p tcp -m tcp ! -d 192.168.0.254/255.255.255.0 -i 
> eth1 --dport 80 -j REDIRECT --to-port 3128
> 
> and I get this response
> 
> iptables: No chain/target/match by that name

The PREROUTING target doesn't exist in the default table filter. Sorry,
it needs to be:

iptables -t nat -A PREROUTING .....

Must specify the correct table to use (the one where the chain
PREROUTING is would be best :)
> 
> ?
> 
> > 
> > Do the same thing again for --dport 440 to grab the https traffic and
> > last but not least
> > iptables -A INPUT -p tcp -m tcp -i <your incoming ethx device> --sport
> > 3128 -j ACCEPT
> > to accept packets into the squid proxy. squid will talk to dansguardian
> > by localhost sockets which are (usually) not blocked.
> 
> --scott
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
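
The chain/table mismatch behind the "No chain/target/match by that name" error above, shown as an added example that is not part of the original thread. The table-to-chain map follows iptables(8); the function names are hypothetical, and the check assumes only built-in chains are in use.

```bash
#!/usr/bin/env bash
# Added example: lint an iptables command for a chain/table mismatch.
# Table -> built-in chain map as documented in iptables(8).
builtin_chains() {
  case "$1" in
    filter|security) echo "INPUT FORWARD OUTPUT" ;;
    nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
    mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
    raw)    echo "PREROUTING OUTPUT" ;;
    *)      return 1 ;;
  esac
}

# check_rule iptables [args...]; prints a verdict, returns 0 only if consistent.
# Assumption: only built-in chains are in use (no user-defined chains).
check_rule() {
  shift                                   # drop the "iptables" word
  table=filter chain="" target="" prev="" # no -t means the filter table
  for arg in "$@"; do
    case "$prev" in
      -t|--table)              table=$arg ;;
      -A|--append|-I|--insert) chain=$arg ;;
      -j|--jump)               target=$arg ;;
    esac
    prev=$arg
  done
  chains=$(builtin_chains "$table") || { echo "unknown table '$table'"; return 2; }
  case " $chains " in
    *" $chain "*) ;;
    *) echo "chain $chain is not built into table '$table'"; return 1 ;;
  esac
  # REDIRECT is only valid in the nat table, chains PREROUTING and OUTPUT.
  if [ "$target" = REDIRECT ]; then
    case "$table/$chain" in
      nat/PREROUTING|nat/OUTPUT) ;;
      *) echo "REDIRECT is not valid in $table/$chain"; return 1 ;;
    esac
  fi
  echo "ok: table=$table chain=$chain target=$target"
}

# The command from the thread as typed, then with -t nat (values as posted).
check_rule iptables -A PREROUTING -p tcp -m tcp ! -d 192.168.0.254/255.255.255.0 \
  -i eth1 --dport 80 -j REDIRECT --to-port 3128 || true
check_rule iptables -t nat -A PREROUTING -p tcp -m tcp ! -d 192.168.0.254/255.255.255.0 \
  -i eth1 --dport 80 -j REDIRECT --to-port 3128
```
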