
RH 9, running squid and Dan’s Guardian.
How to block port 80?
Students are bypassing squid and getting straight out to the net.
IPchains was set up originally, but has lost its settings and now does not want to work.
Hi Terry

Red Hat Linux 9 uses the 2.4 series kernel, which uses iptables for its firewalling. (ipchains was used in 2.2 kernels, and while support for it can be compiled in, it's recommended that people use iptables.)

You need to block port 80 on the gateway machine, which I assume is already running a firewall of some sort to masquerade (and is also running squid). If not, the advice might need to be modified slightly.

The simplest way is much like:

    # iptables -A FORWARD -i $INTIF -p tcp --dport 80 -j REJECT

Replace $INTIF with eth0, etc, for the interface of your internal network.

You might also want to look at using DNAT to redirect anything that isn't from the squid machine, to the squid port. That way even if people don't use the proxy, they're using the proxy. (Which is also Matthias's suggestion (which arrived while I was writing mine)):

    # iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 \
        -j REDIRECT --to-port 3128

Craig
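A way to confirm the gateway really enforces the proxy, added here as an example and not part of the original thread: the function below reads `iptables-save` output and reports whether port 80 traffic arriving on the internal interface is redirected to the proxy, blocked in the filter table's FORWARD chain, or still able to bypass squid. The function name `audit_port80`, the interface names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# audit_port80 IFACE: read `iptables-save` output on stdin and report how
# TCP port 80 arriving on IFACE is handled. Prints one of:
#   redirected  - nat PREROUTING sends it to a local port (REDIRECT/DNAT)
#   blocked     - filter FORWARD rejects or drops it
#   bypass      - nothing stops it being forwarded straight out
# Simplification (assumption): only rules matching exactly "-i IFACE -p tcp
# --dport 80" with no -s/-d restriction or negation count; first match wins.
audit_port80() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2); next }       # "*nat", "*filter"
        $1 == "-A" {
            chain = $2; in_if = ""; proto = ""; dport = ""; target = ""; narrow = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-s" || $i == "-d" || $i == "!") narrow = 1
            }
            if (in_if != ifc || proto != "tcp" || dport != "80" || narrow) next
            if (table == "nat" && chain == "PREROUTING" && nat == "")
                nat = target
            if (table == "filter" && chain == "FORWARD" && fwd == "")
                fwd = target
        }
        END {
            if (nat == "REDIRECT" || nat == "DNAT") { print "redirected"; exit 0 }
            if (fwd == "REJECT" || fwd == "DROP")   { print "blocked";    exit 0 }
            print "bypass"; exit 1
        }'
}

# Constructed sample: a gateway that only masquerades, with no port 80 rule.
SAMPLE_MASQ_ONLY='*nat
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
printf '%s\n' "$SAMPLE_MASQ_ONLY" | audit_port80 eth0 || true
```

On the real gateway, run it as root with `iptables-save | audit_port80 eth0`; a non-zero exit status means clients on that interface can still reach port 80 directly.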