From: Steve Bertrand
Date: Sat, 02 Jun 2007 09:38:17 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Squid and IPFW
Message-ID: <466172C9.7050905@ibctech.ca>

>>> I would like to set up a gw / firewall (IPFW) which will also run
>>> Squid, in order to restrict access to certain websites
>>> or to allow certain workstations to have full access to the internet.
>>> How can I redirect all traffic going to port 80 on the gw, to port
>>> 3128 on Squid
>> Are you really sure you want to do that way? Squid won't be able to
>> control access to https or ftp. And what about http on non-standard
>> ports, e.g. http://easynews.com:81
>>
>
> The people that are smart enough to get around this kind of a block
> in an organization are generally not the problem. It is the morons that
> have no concept of appropriate use of the Internet in the workplace
> who are the problems, and they will be effectively stopped.

I agree with Ted here. It's the inappropriate web surfers who are the
main problem; however, traffic filters will catch people using odd
ports, and firewall rules are there to fix this.

> I use much the same setup for my 8 year old son. He only gets Internet
> access to websites that we have approved and added to the squid list.

May I make a recommendation for DansGuardian for home users? I have used
it for a few years now, and instead of maintaining just a single list of
allowed sites, it does a fantastic job of filtering the actual content,
images, URLs and a bunch of other things.

Of course physical observance is the best approach, but the
Squid/DansGuardian approach works exceptionally well when you have to
walk away. (I have 4 kids ranging from 5 to 13).

Steve