Squid and IPFW
iaccounts at ibctech.ca
Sat Jun 2 13:37:49 UTC 2007
>>> I would like to setup a gw / firewall (IPFW) which will also run
>>> Squid, in order to restrict access to certain websites
>>> or to allow certain workstations to have full access to the internet.
>>> How can I redirect all traffic going to port 80 on the gw, to port
>>> 3128 on Squid
>> Are you really sure you want to do that way? Squid wont be able to
>> control access to https or ftp. And what about http on non-standard
>> ports, e.g. http://easynews.com:81
> The people that are smart enough to get around this kind of a block
> in an organization are generally not the problem. It is the morons that
> have no concept of appropriate use of the Internet in the workplace
> who are the problems, and they will be effectively stopped.
I agree with Ted here. It's the innapropriate web surfers who are the
main problem, however, traffic filters will catch people using odd
ports, and firewall rules are there to fix this.
> I use much the same setup for my 8 year old son. He only gets Internet
> access to websites that we have approved and added to the squid list.
May I make a recommendation for DansGuardian for home users. I have used
it for a few years now, and instead of maintaining just a single list of
allowed sites, it does a fantastic job of filtering the actual content,
images, url's and a bunch of other things.
Of course physical observance is the best approach, but the
Squid/Dansguardian approach works exceptionally well when you have to
walk away. (I have 4 kids ranging from 5 to 13).
More information about the freebsd-questions