PF: block out port 80 so that not allow clients in LAN to browse
Internet via port 80
cuongvt at fpt.vn
Tue Sep 25 17:05:24 PDT 2007
On Tuesday 25 September 2007 23:40:14 RW wrote:
On Tue, 25 Sep 2007 20:52:16 +0700
vuthecuong <cuongvt at fpt.vn> wrote:
Recently I used squid for cache proxy configured to go internet
through port 3128.
But internet browser in LAN still connect to Internet through port 80
if in conenction option of Internet browser is chose to connect
directly to internet,
not through proxy server.
So how can I block out port 80 so that LAN clients must go to
internet through port
3128 via proxy server?
Tnx in advanced
Blocking a port with PF is really basic. If you have to ask you would
be better-off reading about PF first, before you do anything.
Well, he could block, but transparently doing it without annoying users is
Vuthecuong, the following line will redirect traffic from the local net to
port 80 on the internet to squid on port 3128:
rdr on $int_if proto tcp from $int_if:network to any port www -> \
$int_addr port 3128
where $int_if is the internal interface, $int_addr the address on the internal
interface squid listens on and $ext_if the external interface.
There's a full article on how to set this up, here:
I learn that.
tnx u very much
1. mailto:cuongvt at fpt.vn
More information about the freebsd-questions