Martin Cavanagh wrote:
> original poster here.
> so basically as far as I know (there are a couple of people not in our
> "apartment/student hostel" who I have only met for 2 mins), everyone
> is using WinXP Home (came with their laptops, poor people), with myself
> and another person using WinXP Pro (self built machines, both looking at
> Gentoo Linux). Everyone has their own machine - so basically who the
> "user" is, is irrelevant to me. In addition there is also a fileserver
> running Win2000 (considering a Linux dib with Samba, but really not in a
> hurry for that) sharing movies, tools, music and the like.
> I'm really keen to avoid a proxy server, I like solutions to be
> invisible to the user, but if squid supports invisible proxy server
> then that would be okay.

Yes, squid does this. We actually built a Linux 2.4 bridge box that has
two ethernet interfaces and sits between the customer's ethernet switch
and their WAN connection. It transparently performs Layer 4 (TCP/IP Port
based) filtering and functions as a transparent, mandatory web filter.
I used iptables and Linux's bridge functionality to accomplish this. The
box runs Red Hat Linux 7.3, so this required a custom patched kernel, as
Red Hat 7.3's stock kernel doesn't allow filtering bridge traffic in its
most up-to-date versions. The box doesn't show up in traceroutes (because
it's a filtering bridge, not a router), and it's not possible to bypass
unless you use a non-standard HTTP port or SSL.

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)