> Wouldn't it be easier to put a transparent squid proxy upstream of the
> connection, rather than mucking with ugly iptables rules per user, etc?
No, squid unfortunately doesn't always work. Try watching a movie on
Hulu through a squid proxy. Another thing, I'm not sure how to
configure squid t
On Thu, Nov 5, 2009 at 12:00 AM, Michael Robinson
wrote:
>> > You could always deny first then white list local network hosts and add an
>> > allow statement for the proxy although you may need to do a tcpdump to see
>> > if it uses the same port every single time for an outbound request. So you
>