
How to Stop bypassing Proxy server?

 

Archived from groups: comp.security.firewalls (More info?)

 

Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux
RH8. Can anyone suggest use of IPTABLES to achieve this?


Archived from groups: comp.security.firewalls (More info?)

 

You could try threatening to break the legs of the users that bypass the proxy.

But seriously, normally the internet gateway is on a separate LAN and the
proxy acts like a bridge between the internet LAN and users' LAN, making it
impossible to bypass the proxy. Unless I've misunderstood your problem, you
need to remove the gateway off the users' LAN.


> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server. They are just typing the upstream
> proxy server IP address and port number in browser and accessing the
> Internet. How can I prohibit such activities? My network is on
> 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
> (take these IP addresses as an example). I can access 195.2.104.0
> network from my location. I am using Squid Proxy server on Linux
> RH8. Can anyone suggest use of IPTABLES to achieve this?


Archived from groups: comp.security.firewalls (More info?)

 

On Monday 31 May 2004, 06:55 ssp2000 tried to express an opinion:

> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server. They are just typing the upstream
> proxy server IP address and port number in browser and accessing the
> Internet. How can I prohibit such activities? My network is on
> 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
> (take these IP addresses as an example). I can access 195.2.104.0
> network from my location. I am using Squid Proxy server on Linux
> RH8. Can anyone suggest use of IPTABLES to achieve this?

I also wanted that feature and stumbled across it in a news group by accident.
Here is an excerpt of the last post in that thread.
(This suggestion requires the use of iptables and not ipchains.)
Just replace the to-port "3129" with the port of your squid.

I also suggest you check if eth0 is your LAN. I think he who suggested
this iptables rule used eth0 as the LAN interface.

(btw, I haven't implemented this feature myself yet :-)
I often save features I might want in the future, in text files.)

====
>> If you want transparent Squid proxying, use this line too:
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

> Do I understand this correctly if I say this will FORCE the use of a proxy
> regardless of (missing) proxy settings in the browsers (throughout the
> network)?

Only for those connecting to port 80 of a remote machine, which is certainly
the bulk of browser connections. All other ports (such as 21, 443, 8080, etc.)
will be connected exclusive of any proxy, since they don't qualify for the
REDIRECT conditions as stated.
====

btw, here is the original thread (archived). (watch for line wrap)
http://groups.google.com/groups?hl [...] &frame=off

--
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324


Archived from groups: comp.security.firewalls (More info?)

 

On 30 May 2004 21:55:06 -0700, ssp2000 spoketh

>Some of the users at my location are accessing the Internet by
>bypassing the in-house proxy server. They are just typing the upstream
>proxy server IP address and port number in browser and accessing the
>Internet. How can I prohibit such activities? My network is on
>192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
>(take these IP addresses as an example). I can access 195.2.104.0
>network from my location. I am using Squid Proxy server on Linux
>RH8. Can anyone suggest use of IPTABLES to achieve this?

The same question in two different threads in three days? You didn't
like the answers you got three days ago?

If you don't want people to surf the net without going through your
proxy, the obvious solution is to only allow your proxy server access to
the internet on the usual web browsing ports (80, 443). You can also
explicitly block access to the IP address of the proxy server that your
employees are using.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"


Anonymous wrote :

Archived from groups: comp.security.firewalls (More info?)

Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux
RH8. Can anyone suggest use of IPTABLES to achieve this?




If you push a firewall policy that only allows HTTP and HTTPS traffic to be received by the proxy IP address, they cannot bypass it.
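
The policy the last two answers describe (only the proxy may reach the web ports, and the upstream proxy's address is blocked for LAN clients), sketched as an added example that is not part of any post in this thread. It assumes the Squid box is also the LAN's gateway with eth0 facing the LAN, and a /24 mask for the poster's example network; the chain name NO_BYPASS is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): stop LAN clients from going around
# the in-house Squid. Assumes this box is the LAN's gateway and runs Squid.
LAN_IF=${LAN_IF:-eth0}               # LAN interface, as in the quoted rule
LAN_NET=${LAN_NET:-192.168.7.0/24}   # poster's example network; /24 is assumed
UPSTREAM=${UPSTREAM:-195.2.104.7}    # poster's example upstream proxy
CHAIN=NO_BYPASS                      # hypothetical chain name

# Emit the rule set, one iptables command per line. Nothing is executed here.
proxy_lockdown_rules() {
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -d $UPSTREAM -j LOG --log-prefix "proxy-bypass: "
iptables -A $CHAIN -d $UPSTREAM -j DROP
iptables -A $CHAIN -p tcp -m multiport --dports 80,443 -j LOG --log-prefix "direct-web: "
iptables -A $CHAIN -p tcp -m multiport --dports 80,443 -j DROP
iptables -I FORWARD 1 -i $LAN_IF -s $LAN_NET -j $CHAIN
EOF
}

# Squid itself keeps working: its connections to web servers and to the
# upstream proxy are locally generated, so they traverse OUTPUT, not FORWARD.
# Port 80 traffic already caught by a PREROUTING REDIRECT rule is delivered
# to the local Squid and never reaches FORWARD; the 443 and upstream-proxy
# drops still apply to everything the gateway would otherwise route.
# The jump into the chain is installed last, and "sh -e" stops at the first
# failing command, so a half-built chain is never attached to FORWARD.
case "${1:-print}" in
    apply) proxy_lockdown_rules | sh -e ;;   # needs root
    *)     proxy_lockdown_rules ;;           # default: dry run, print only
esac
```

Run it with `apply` as root to install the rules. Matches appear in the kernel log under the two prefixes, which identifies the clients still configured to use the upstream proxy.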
