
RH 9, running squid and DansGuardian.
How to block port 80?
Students are bypassing squid and getting straight out to the net.
IPchains was set up originally, but has lost its settings and now does not want to work.

Is there any reason your internal machines need to connect to the Internet direct? You want to enforce proxy usage for web/ftp traffic; are there any legitimate reasons internal machines will have for directly traversing your border? If not, don't set a default route, and don't forward packets for those machines. This has the added bonus of stopping any virus propagation (if an internal machine gets infected, it won't start connecting to a zillion random hosts on the Internet as it doesn't have a default route!). I do this at one school and it works fine. We have internal mail, and the only valid Internet-bound traffic from any of the machines is http/ftp. It also stops people using kazaa or instant messenger (until they work out to use http proxies for those things, anyway).
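
One way to verify the setup the answer describes, as an added example that is not part of the original thread: a client must have no default route, and the squid gateway must not forward packets. The function names are hypothetical; the defaults read the standard Linux `/proc/net/route` and `/proc/sys/net/ipv4/ip_forward` files, and a file path can be passed instead to check a saved copy.

```shell
#!/bin/sh
# Added example: audits the two settings the answer relies on.

# Returns 0 if a route table in /proc/net/route format has an active default route.
has_default_route() {
    route_file="${1:-/proc/net/route}"
    # Columns: Iface Destination Gateway Flags RefCnt Use Metric Mask ...
    # Default route: Destination 00000000 and Mask 00000000.
    # Flags is hex; an odd last digit means RTF_UP (0x1) is set.
    awk 'NR > 1 && NF >= 8 && $2 == "00000000" && $8 == "00000000" {
             last = substr($4, length($4), 1)
             if (index("13579BDFbdf", last) > 0) found = 1
         }
         END { exit !found }' "$route_file"
}

# Returns 0 if the kernel is set to forward IPv4 packets between interfaces.
forwarding_enabled() {
    fwd_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$fwd_file" 2>/dev/null)" = "1" ]
}

# audit_host client|gateway [route_file] [ip_forward_file]
# Returns 0 when the host matches the answer's setup, 1 when it does not.
audit_host() {
    role="$1"; problems=0
    case "$role" in
        client)
            if has_default_route "$2"; then
                echo "FAIL: default route present; traffic can leave without the proxy"
                problems=1
            fi ;;
        gateway)
            if forwarding_enabled "$3"; then
                echo "FAIL: ip_forward=1; gateway may route client packets past squid"
                problems=1
            fi ;;
        *)
            echo "usage: audit_host client|gateway [route_file] [ip_forward_file]"
            return 2 ;;
    esac
    [ "$problems" -eq 0 ] && echo "OK: $role matches the proxy-only setup"
    return "$problems"
}

# Run as: sh audit.sh client   (on a workstation)  or  sh audit.sh gateway
if [ -n "${1:-}" ]; then audit_host "$1"; fi
```

A gateway that must forward some traffic will fail this check by design; it tests only the answer's stricter no-forwarding approach.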