Date: Sat, 02 Jun 2007 09:38:17 -0400 From: Steve Bertrand <iaccounts@ibctech.ca> To: freebsd-questions@freebsd.org Subject: Re: Squid and IPFW Message-ID: <466172C9.7050905@ibctech.ca> In-Reply-To: <BMEDLGAENEKCJFGODFOCMEBOCAAA.tedm@toybox.placo.com> References: <BMEDLGAENEKCJFGODFOCMEBOCAAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>> I would like to setup a gw / firewall (IPFW) which will also run >>> Squid, in order to restrict access to certain websites >>> or to allow certain workstations to have full access to the internet. >>> How can I redirect all traffic going to port 80 on the gw, to port >>> 3128 on Squid >> Are you really sure you want to do that way? Squid wont be able to >> control access to https or ftp. And what about http on non-standard >> ports, e.g. http://easynews.com:81 >> > > The people that are smart enough to get around this kind of a block > in an organization are generally not the problem. It is the morons that > have no concept of appropriate use of the Internet in the workplace > who are the problems, and they will be effectively stopped. I agree with Ted here. It's the innapropriate web surfers who are the main problem, however, traffic filters will catch people using odd ports, and firewall rules are there to fix this. > I use much the same setup for my 8 year old son. He only gets Internet > access to websites that we have approved and added to the squid list. May I make a recommendation for DansGuardian for home users. I have used it for a few years now, and instead of maintaining just a single list of allowed sites, it does a fantastic job of filtering the actual content, images, url's and a bunch of other things. Of course physical observance is the best approach, but the Squid/Dansguardian approach works exceptionally well when you have to walk away. (I have 4 kids ranging from 5 to 13). Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?466172C9.7050905>