Hello: On Wed, 29 Feb 2012 07:36:27 -0500, Holt <h...@laptop.org> wrote: > Thanks Wad you fixed the problem: > We did not know squid was running on the XS Tony Anderson installed (0.6
> derivative I believe) early autumn 2011. The XS redirects all traffic coming from the LAN to squid. You can check out the config at /etc/sysconfig/iptables This is done for all conections from the LAN interface if i'm not mistaken (it doesn't filter subnets or anything) > Why our XS continue to resolve & offer free/accurate DNS to any random > laptop that connects over Wifi is disconcerting, if anyone can explain? The firewall is set up to allow all conections directed to it.. (iptables INPUT chain).. You got to block other ports when you set upt ip_forward to 0, because only port 80 is redirected to squid, the rest is forwarded > But at least the critical problem of giving away free web access (to > rich visitors, rather than Haitian XO users) is solved for now! The secure way of filtering is getting the XOs MAC, and configure the DHCP (to lease a specific IP allways) and to allow forwarding and redirecting ONLY for the MAC with the correspondant IP. This is very fine grained work though, there could be other methods. Cheers -- Rolf _______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel