On Thu, 21 Feb 2002, John Morrissey wrote: > Make your proxy transparent then they all HAVE to use it. > > It doesn't matter whether you use the Netgaer box or the proxy box for
Erm - yes, it does matter. If there is a path out of the network that allows direct HTTP connections outside the network, it doesn't matter if the proxy is transparent, opaque, or a flaming sword of fire and damnation, you will be able to *force* people to use it - they can just go and connect willy-nilly on the Internet without the proxy. You *have* to shut off the ability to connect to external port 80s to all except the proxy server. [To the OP, mostly] This is not rocket science - to stop people from connecting, you *have* to block them. I can't remember whether the Netgear you've got will do it - honestly, I don't like dedicated routers too much - not enough bang for the buck, IMO. If it does do seletive port blocking, you can do it without putting the Linux box in as a router, but if not, you'll need to find an alternate way of stopping people from connecting directly. That will force them to use the proxy if they want to browse the web. I've done this config now so often I can do it in my sleep. Add internal/external mail into the mix for < $1,000 (including hardware), and I'm a business' best friend. <g> > routing. Although I tend to agree with Matt Palmer because even an old > P.Pro linux server with 256mb ram will cream the router every time as well > as affording the options of a proper firewall, porn blocking etc. Then they > can sell their Netgear on e-bay or use it as a coffe stand. Whee, yet another Netgear router on E-bay. There's no shortage of them - in fact, if the people who foist these things onto customers bought off E-bay, Netgear could stop producing them and we could just have the same routers going around in circles for ever... <g> -- ----------------------------------------------------------------------- #include <disclaimer.h> Matthew Palmer [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug