Hello All, I have installed Shorewall 2.0.7 and configured , I am using masq to share internet for users. I have problem of perticular sites . I blocked site IP address. and succeeded but i have problem of Public proxy addresses , some user use anonymous proxy Ip and get thru it and use blocked sites. I blocked Public proxy adresses but it lot of them( I mean more than one public proxy servers) I fed up blocking IP addresses , so any other way to block using proxy?? How do i stop using proxy server for my users?? Thanks With Regards Amit Patel --------------------------------- Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now.
On Tue, 2004-08-24 at 23:34 -0700, Amit Patel wrote:> Hello All, > > I have installed Shorewall 2.0.7 and configured , I am using masq to share internet for users. > I have problem of perticular sites . I blocked site IP address. and succeeded but i have problem of Public proxy addresses , some user use anonymous proxy Ip and get thru it and use blocked sites. > > I blocked Public proxy adresses but it lot of them( I mean more than one public proxy servers) I fed up blocking IP addresses , so any other way to block using proxy?? > > How do i stop using proxy server for my users?? > > >The most effective way to prevent this will be to change your loc->net policy. Instead of being ACCEPT, it should be REJECT. Explicitly permit certain outbound traffic in your rules file (though better yet, use a SOCKS proxy so users don''t go outbound directly at all). If you give them just one port, they can get through and completely subvert your firewall. Take a look at OpenVPN. If you have an external box that you can run it on, you can have it run on whatever port you choose, TCP or UDP so the internal client can hit it and use it as a proxy to anything and everything else. The only way to prevent that is to not allow direct outbound traffic from your user base - and even that will probably not be foolproof. -- David T Hollis <dhollis@davehollis.com>
Hello David and all, Thanks for your mail, Now i need help to setup proxy server. i have some query. I am using shorewall 2.0.7 and using masq to share internet but i need to restric and monitor usages of internet. so i have some query. 1. is it good to intall squide proxy server? 2. can i see all logs which my other users whatever can surf? 3. Can I restrict downloads uploads to users? 4. can i give full access to some users? 5. how can i restric webisites? 6.How do i monitor users internet usages(e.g. which websites surfing?) Please give me some solutions for that, please guys suggest me which is better solution. My first priotity to monitor user websurfing logs. so please help me. David T Hollis <dhollis@davehollis.com> wrote: The most effective way to prevent this will be to change your loc->net policy. Instead of being ACCEPT, it should be REJECT. Explicitly permit certain outbound traffic in your rules file (though better yet, use a SOCKS proxy so users don''t go outbound directly at all). If you give them just one port, they can get through and completely subvert your firewall. Take a look at OpenVPN. If you have an external box that you can run it on, you can have it run on whatever port you choose, TCP or UDP so the internal client can hit it and use it as a proxy to anything and everything else. The only way to prevent that is to not allow direct outbound traffic from your user base - and even that will probably not be foolproof. -- David T Hollis> ATTACHMENT part 1.2 application/pgp-signature name=signature.asc_______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm Thanks With Regards Amit Patel --------------------------------- Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers!
Terry Gilsenan
2004-Sep-02 09:24 UTC
RE: How to Monitor web surfing thru proxy andshorewall
> -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net > [mailto:shorewall-users-bounces@lists.shorewall.net] On > Behalf Of Amit Patel > Sent: Thursday, 2 September 2004 4:53 PM > To: dhollis@davehollis.com > Cc: shorewall-users@lists.shorewall.net > Subject: [Shorewall-users] How to Monitor web surfing thru > proxy andshorewall > > Hello David and all, >Hello,> Thanks for your mail, Now i need help to setup proxy server. > i have some query. > I am using shorewall 2.0.7 and using masq to share internet > but i need to restric and monitor usages of internet. so i > have some query. > > 1. is it good to intall squide proxy server?Yes> 2. can i see all logs which my other users whatever can surf?Yes> 3. Can I restrict downloads uploads to users?Yes> 4. can i give full access to some users?Use Squid ACL''s> 5. how can i restric webisites?Use Squid and SquidGuard> 6.How do i monitor users internet usages(e.g. which websites surfing?)tail -f /var/log/squid/access.log Or similar, depending on your particular OS.>> Please give me some solutions for that, please guys suggest > me which is better solution. My first priotity to monitor > user websurfing logs. so please help me. >Use Shorewall to redirect all http traffic to squid, and use squidGuard to filter as required. I use this at several places and it works very well. Regards, T
> > 6.How do i monitor users internet usages(e.g. which websites surfing?) > > tail -f /var/log/squid/access.logAssuming you are using squid, there''s also a fancy way: http://sarg.sourceforge.net/ -Gilson Soares
Terry Gilsenan
2004-Sep-02 22:01 UTC
RE: RE: How to Monitor web surfing thru proxyandshorewall
> -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net > [mailto:shorewall-users-bounces@lists.shorewall.net] On > Behalf Of Guilsson > Sent: Friday, 3 September 2004 1:45 AM > To: Mailing List for Shorewall Users > Subject: Re: RE: [Shorewall-users] How to Monitor web surfing > thru proxyandshorewall > > > > 6.How do i monitor users internet usages(e.g. which websites > > > surfing?) > > > > tail -f /var/log/squid/access.log > > Assuming you are using squid, there''s also a fancy way: > http://sarg.sourceforge.net/ >That is very nice!, Very nice indeed! :) Thanks
Big Chiz
2004-Sep-02 23:30 UTC
Re: Re: RE: How to Monitor web surfing thru proxy andshorewall
also dont forget dansguardian On Thu, 2 Sep 2004 12:45:02 -0300, Guilsson <guilsson@gmail.com> wrote:> > > 6.How do i monitor users internet usages(e.g. which websites surfing?) > > > > tail -f /var/log/squid/access.log > > Assuming you are using squid, there''s also a fancy way: > http://sarg.sourceforge.net/ > > -Gilson Soares > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >