Ubuntu – iptables rule to force all browsers to use proxy


I have installed Squid as my proxy server on an Ubuntu 10.04 standalone system which has a single NIC. Why I have installed Squid on a standalone system is because of my friends who use my system to browse sites and download files. So I have installed Squid to block porn sites and downloads. But they simply bypass the proxy settings by disabling it in the browser. I know there is some way to force all browsers to go through the proxy using iptables. But how? I have searched everywhere for the answer but can't get the right one yet. Can somebody help me?

Best Answer

First block direct access to port 80 for all except root and Squid (root needs it to get updates for your system). (I'm assuming Squid runs as user proxy; edit as appropriate.)

# everything root sends out is allowed (apt, system updates)
iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT
# everything the squid user sends out is allowed (squid fetching pages for its clients)
iptables -A OUTPUT -m owner --uid-owner proxy -j ACCEPT
# anyone else: drop direct connections to port 80, so only the proxy route is left
iptables -A OUTPUT -p tcp --dport 80 -j DROP

Then you can set up Firefox to use Squid as a proxy as normal. If your friends change the settings, they will be blocked.

Note that Squid can't proxy HTTPS traffic, so I haven't put those details in these rules. If you want to do only filtering with no proxying or caching, then you could use DansGuardian. This is a guide to using DansGuardian with some users excluded from the filtering. The guide will mean that HTTPS (port 443) will be filtered by DansGuardian, as well as HTTP (port 80).
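The same owner-match approach, written as a complete iptables-restore table rather than three appended rules, so the final reject cannot be shadowed by an ACCEPT rule that already sits earlier in the OUTPUT chain. This is an added example, not code from the answer above. The user name `proxy`, the bypass user `root`, the chain name `PROXYONLY`, the script name `force-proxy.sh` and the `WEB_PORTS` knob are assumptions of this example; only port 80 is forced by default, matching the answer, and `WEB_PORTS="80,443"` extends it to HTTPS once Squid is configured to accept CONNECT requests.

```shell
#!/bin/sh
# force-proxy.sh: generate (and optionally apply) an iptables ruleset that lets only
# Squid and a short list of users open web connections directly, so every other
# account on this host has to go through the proxy.
# Added example, not the answer's own code.  Assumptions: Squid runs as user "proxy"
# on 127.0.0.1:3128, "root" is the only bypass account, and only port 80 is forced
# (WEB_PORTS="80,443" also covers HTTPS if Squid accepts CONNECT).

SQUID_USER=${SQUID_USER:-proxy}
DIRECT_USERS=${DIRECT_USERS:-root}   # space-separated list of users allowed to bypass Squid
WEB_PORTS=${WEB_PORTS:-80}           # comma-separated, iptables multiport syntax

# gen_rules: print a complete filter table in iptables-restore format.
# Rule order matters: loopback and the allowed owners are ACCEPTed before the
# catch-all REJECT at the end of the PROXYONLY chain.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PROXYONLY - [0:0]
# every new outbound web connection is decided in PROXYONLY
-A OUTPUT -p tcp -m multiport --dports $WEB_PORTS -m state --state NEW -j PROXYONLY
# the browser's own connection to Squid on 127.0.0.1 never leaves lo
-A PROXYONLY -o lo -j ACCEPT
EOF
    for u in $DIRECT_USERS; do
        printf '%s\n' "-A PROXYONLY -m owner --uid-owner $u -j ACCEPT"
    done
    cat <<EOF
# Squid itself has to fetch pages from the origin servers
-A PROXYONLY -m owner --uid-owner $SQUID_USER -j ACCEPT
# anyone else gets a TCP reset, so a mis-set browser fails fast instead of hanging
-A PROXYONLY -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# apply_rules: load the table.  iptables-restore replaces the whole filter table;
# use "iptables-restore -n" instead if you only want to append to what is there.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must run as root" >&2
        return 1
    fi
    gen_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  gen_rules ;;
esac
```

`sh force-proxy.sh show` prints the table for review and `sudo sh force-proxy.sh apply` loads it. To check it, run `sudo -u someuser curl -m 5 http://example.com/` (should fail with connection refused) and `sudo -u someuser env http_proxy=http://127.0.0.1:3128 curl -m 5 http://example.com/` (should succeed). Three caveats: the rules are lost on reboot unless you save them with `iptables-save` and restore them at boot; anything run through `sudo` is root traffic and bypasses the proxy, which is what the answer intends but worth remembering; and iptables does not touch IPv6, so on a host with IPv6 connectivity the same table has to be loaded with `ip6tables-restore` as well.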
