> Thanks Chris (and Rob). > I am beginning to get the idea I think. Am I correct in believing that > the Filtering Machine is just 'somewhere' on the LAN as usual, and > that the users machines are then configured to point to it, so LAN > cabling is not affected? > > Also, is the arrangement fragile in some way - say, in that if for > some reason the filtering machine is not running first, then things > get really screwed up? Or does it all later settle down automatically > when the filtering machine is later turned on? > -- > alan cocks > Kubuntu user#10391 >
to add to the stuff thats already been said, I used DansGuardian as a transparent proxy, its very easy and just needs 1 iptables rule: /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 then set iptables to block 3128 for squid and no-one will know they are being content filtered and proxied until it tells them they can't access a certain page. This also means you don't have to go around setting everyones proxy manually, but this only works if you have squid/dansguardian running on the default gateway for the network. (and dont forget to add transparent into squid.conf so the line is like this: http_port 3128 transparent ) -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
