From owner-freebsd-isp Mon Jun 29 06:44:27 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id GAA16975
    for freebsd-isp-outgoing; Mon, 29 Jun 1998 06:44:27 -0700 (PDT)
    (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from NIH2WAAE (smtp5.site1.csi.com [149.174.183.74])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA16958
    for ; Mon, 29 Jun 1998 06:44:20 -0700 (PDT)
    (envelope-from lem@cantv.net)
Received: from mail pickup service by csi.com with Microsoft SMTPSVC;
    Mon, 29 Jun 1998 09:43:49 -0400
Received: from lem (sf-dnpqj-110.compuserve.net [206.175.228.110])
    by hil-img-ims-1.compuserve.com (8.8.6/8.8.6/IMS-1.3) with SMTP id JAA04651;
    Mon, 29 Jun 1998 09:42:31 -0400 (EDT)
Message-Id: <3.0.5.32.19980629092935.03b12830@pop.cantv.net>
X-Sender: lem@pop.cantv.net
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Mon, 29 Jun 1998 09:29:35 -0400
To: Bo Fussing
From: Luis Munoz
Subject: Re: cisco
Cc: Evren Yurtesen , freebsd-isp@FreeBSD.ORG
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:53 PM 29/06/1998 +0800, Bo Fussing wrote:
[snip]
>> hello
>> this is not exactly related to freebsd, sorry but... :)
>> well I want to restrict my users to use port 80 to surf on the net,
>> instead I want them to use my proxy server at port 8080.
>> because I have limited bandwidth, also I just want to close port 80
>> for my users, the other people on the outside should
>> be able to connect to my proxy server.

I've run a shop like that for more than two years now. It's a pain in
the neck from the support point of view, as every time a luser downloads
the new browser of the week, they will call you because it doesn't work!
If you're starting, please do consider transparent proxying.
My understanding is that it can be done in FreeBSD with no problem,
though I've failed to find a good example/tutorial/howto explaining the
process. You can use 'policy routing' on your cisco to divert web
traffic to your proxy, especially if you have little bandwidth. This
also protects you from the death of your proxy, which is another
support nightmare.

>> also I want to do the reverse action to my un*x machines...
>> I do not want other people who are not belonging to my domain
>> to be able to make telnet to my machines, but I want the people here
>> to be able to make telnet to their accounts outside...

For this, packet filters work real nice. You could also use
tcp-wrappers, which offer another layer of protection and provide for
more logging, but take a step at a time. You should take a look at
secure shell.

Regards and good luck.

-lem

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
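
[Added example, not part of the original message or written by its author: one way the two suggestions above (policy routing of web traffic to the proxy, and a packet filter that blocks inbound telnet while leaving outbound telnet alone) can look in Cisco IOS configuration. All addresses, the interface names, the ACL numbers and the route-map name are assumptions chosen for illustration.]

```cisco
! Constructed addressing (assumption, documentation range):
!   192.0.2.0/24  = user LAN behind Ethernet0
!   192.0.2.10    = proxy server on that LAN
!   Serial0       = link to the outside
!
! --- Policy routing: divert users' port-80 traffic to the proxy ---
! The proxy's own outbound requests are excluded first; without this
! line its fetches would be routed back to itself in a loop.
access-list 110 deny   tcp host 192.0.2.10 any eq www
access-list 110 permit tcp 192.0.2.0 0.0.0.255 any eq www
!
route-map WEB-TO-PROXY permit 10
 match ip address 110
 set ip next-hop 192.0.2.10
!
! Applied where the users' packets enter the router. Packets that do
! not match access-list 110 follow the normal routing table.
interface Ethernet0
 ip policy route-map WEB-TO-PROXY
!
! --- Packet filter: no telnet from outside, telnet out still works ---
! The match is on destination port 23 toward the LAN. Replies to
! outbound telnet sessions arrive with source port 23 and a high
! destination port, so they fall through to the final permit.
access-list 120 deny   tcp any 192.0.2.0 0.0.0.255 eq telnet
access-list 120 permit ip any any
!
interface Serial0
 ip access-group 120 in
```

[The proxy host must itself be set up to accept the diverted port-80 connections; that part is not shown here.]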