[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Block internet access on thinclient side



Just tried this and got the error below

iptables -I PREROUTING -t nat -s 127.0.0.1 -m tcp -p tcp --dport 80 -j REDIRECT --to-destination 192.168.0.80:8080

iptables v1.3.5: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.


Help :-)
Brian


James P. Kinney III wrote:
Hi Brian,

It is quite easy to do what you need. The thin clients all run their web
browser on the server so only the thin client servers need to be
adjusted. iptables is the correct way to do it because proxy settings in
user configs can be changed.

iptables -I PREROUTING -t nat -s 127.0.0.1 -m tcp -p tcp --dport 80 -j
REDIRECT --to-destination <ip of proxy>:<port of proxy>

Repeat that for all other port traffic you need by just changing the 80.

You can save the final configuration with iptables-save >
iptables-saved-file
and restore with iptables-restore iptables-saved-file
On Mon, 2008-03-31 at 12:09 +0100, Brian Chivers wrote:
I'd like to block all access to the outside network / internet from our thinclients unless they go via the our proxy server. I have installed a global extension for firefox that has setup it up how I want with proxy's and bookmarks etc for all users but if you change the connection setting to "direct" you go straight out bypassing everything.

I could setup our main firewall to block the thinclient server completely but it is very useful to have full connectivity on it for things like freenx and updates.

Is it possible to setup the iptables on the k12ltsp box itself to drop or redirect all connects from the thinclient side and only allow the important ones for things like the initial booting ?

I've never played with iptables before any useful pointers would be gratefully received.

Thanks
Brian Chivers
Portsmouth College

------------------------------------------------------------------------------------------------
    The views expressed here are my own and not necessarily
the views of Portsmouth College
_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>



------------------------------------------------------------------------------------------------
   The views expressed here are my own and not necessarily

the views of Portsmouth College
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]