[KLUG Members] passing https through a "firewall"

Rusty Yonkers therustycook at yahoo.com
Fri Jul 23 08:12:04 EDT 2004


> What good is proxying if all you can record is the IP address of
> the host they were connecting to?  I can do that with an IPTABLES log
> through the kernel w/o having to bog down the user-space more.

Actually that may be a better way to firewall.  If all you need to do
is to get people access to web and https then you could put a proxy
box between the internal network and the Internet and lock it down
for any access other than squid.  Nothing going in or out over the
box.  Let the box run a caching DNS server and squid.  You allow
outbound DNS lookups and outbound http and https (and established and
related) only on the public interface.  The internal interface does
an automatic redirection to squid (and dansguardian if you want to
filter) for web traffic.  You set up any internal DNS servers to
forward to the caching DNS server on the proxy box.  No other traffic
is allowed to the internal interface of the proxy box (except ssh and
webmin for administration) and you would have arguably one of the
tightest firewalls you could put together.

It is working for me for http, now I just need to get that stinking
https thing working.


=====
Russell C. Yonkers Jr. 
CNE, MCP, A+, CCNA, Linux+, Server+, Network+ certified
-----------------------------------------
Currently using SuSE 9, Mac OS X, Windows 2000, and WinXP 
And yes I run a network at home with Linux and Windows servers
See my personal website http://www.geocities.com/therustycook
Or my consulting site at http://www.atomicsupergeek.com
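The ruleset below is an added example (not from the post or the list) that writes out, in iptables-restore format, the proxy-box policy described above: default DROP everywhere, no forwarding at all, transparent redirect of internal port 80 to squid, only DNS/ssh/webmin/squid accepted from the LAN, and only DNS, http and https allowed out of the public interface. Interface names, the LAN subnet, squid on 3128 and webmin on 10000 are assumptions; https is not redirected (squid cannot transparently intercept it), so clients reach https sites by using squid as an explicit proxy (CONNECT) on the squid port.

```shell
#!/bin/sh
# Added example, not the original poster's configuration.
# build_ruleset PUB_IF INT_IF LAN_SUBNET [SQUID_PORT]  -> iptables-restore text
build_ruleset() {
    pub="$1"; int="$2"; lan="$3"; squid_port="${4:-3128}"
    webmin_port=10000   # assumed webmin port
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Internal interface: transparently send plain web traffic to squid.
# https is deliberately not redirected; browsers use squid as an
# explicit proxy (CONNECT) on port $squid_port instead.
-A PREROUTING -i $int -s $lan -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internal interface: squid, the caching DNS server, ssh and webmin only.
-A INPUT -i $int -s $lan -p tcp --dport $squid_port -j ACCEPT
-A INPUT -i $int -s $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $int -s $lan -p tcp --dport 53 -j ACCEPT
-A INPUT -i $int -s $lan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $int -s $lan -p tcp --dport $webmin_port -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Public interface: the box itself may only do DNS lookups, http and https.
-A OUTPUT -o $pub -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $pub -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $pub -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o $pub -p tcp --dport 443 -j ACCEPT
# No FORWARD rules at all: nothing passes through the box, every request
# is made by squid or the DNS cache in the box's own name. Replies to the
# LAN are covered by ESTABLISHED,RELATED; everything else hits DROP.
COMMIT
EOF
}
# Usage (on the proxy box, as root): build_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore
```

Review the generated text before loading it, since the default DROP policies also cut off an ssh session arriving on the public interface.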

