Loading ...
Sorry, an error occurred while loading the content.

Re: [dansguardian] Re: DG for individual machine

Expand Messages
  • Joshua Kite
    ... can I lock the machine in a way that prevents the browser from bypassing the proxy? [Non-text portions of this message have been removed]
    Message 1 of 6 , May 10, 2012
    View Source
    • 0 Attachment
      On Thu, May 10, 2012 at 9:48 AM, g_martino <pierinox666@...> wrote:

      > **
      >
      >
      > --- In dansguardian@yahoogroups.com, Joshua Kite <jwkite@...> wrote:
      > >
      > > I have a friend who would like DG filtering on a Macintosh. If it
      > were
      > > only used in one location it would be fairly easy as I could set up a
      > > server / proxy, etc. However, it will be used in a variety of places.
      >
      > I think you can configure your browser to use the proxy at 127.0.0.1,
      > port 8080 (default DG port).To skip DG, just edit browser's preferences.
      >
      > Thanks for replying, and all of that makes sense. So now the question is,
      can I lock the machine in a way that prevents the browser from bypassing
      the proxy?


      [Non-text portions of this message have been removed]
    • g_martino
      ... Quite difficult. You should block outgoing connections to port 80 and 443, but dansguardian is using those ports. You need some iptables magic to allow
      Message 2 of 6 , May 10, 2012
      View Source
      • 0 Attachment
        > Thanks for replying, and all of that makes sense. So now the question is,
        > can I lock the machine in a way that prevents the browser from bypassing
        > the proxy?

        Quite difficult. You should block outgoing connections to port 80 and 443, but dansguardian is using those ports.
        You need some iptables magic to allow dansguardian's outgoing connections to port 80 and 443, and block the others.

        You can also use a trasparent setup (redirect unmarked connections from port 80 to 8080 and mark it, allow marked connections to go direct), so you don't need to setup the browser, but you can only filter http (not https).
      • Fenn
        Would a VM (vmware player or simular) make things any easier?
        Message 3 of 6 , Jun 27, 2012
        View Source
        • 0 Attachment
          Would a VM (vmware player or simular) make things any easier?

          On Thu, May 10, 2012 at 10:58 AM, g_martino <pierinox666@...> wrote:
          >> Thanks for replying, and all of that makes sense.  So now the question is,
          >> can I lock the machine in a way that prevents the browser from bypassing
          >> the proxy?
          >
          > Quite difficult. You should block outgoing connections to port 80 and 443, but dansguardian is using those ports.
          > You need some iptables magic to allow dansguardian's outgoing connections to port 80 and 443, and block the others.
          >
          > You can also use a trasparent setup (redirect unmarked connections from port 80 to 8080 and mark it, allow marked connections to go direct), so you don't need to setup the browser, but you can only filter http (not https).
          >
          >
          >
          > ------------------------------------
          >
          > For unsubscribing, mailing list rules and posting guidelines please see:
          > http://dansguardian.org/?page=mailinglistYahoo! Groups Links
          >
          >
          >
        • Matthew Byers
          No a vm would not make things easier per say. If you have a large network to manage then maybe but it will require a advanced understanding of firewalls and
          Message 4 of 6 , Jun 27, 2012
          View Source
          • 0 Attachment
            No a vm would not make things "easier" per say. If you have a large network
            to manage then maybe but it will require a advanced understanding of
            firewalls and networking.

            On Wed, Jun 27, 2012 at 7:21 PM, Fenn <fenn@...> wrote:

            > **
            >
            >
            > Would a VM (vmware player or simular) make things any easier?
            >
            > On Thu, May 10, 2012 at 10:58 AM, g_martino <pierinox666@...> wrote:
            > >> Thanks for replying, and all of that makes sense. So now the question
            > is,
            > >> can I lock the machine in a way that prevents the browser from bypassing
            > >> the proxy?
            > >
            > > Quite difficult. You should block outgoing connections to port 80 and
            > 443, but dansguardian is using those ports.
            > > You need some iptables magic to allow dansguardian's outgoing
            > connections to port 80 and 443, and block the others.
            > >
            > > You can also use a trasparent setup (redirect unmarked connections from
            > port 80 to 8080 and mark it, allow marked connections to go direct), so you
            > don't need to setup the browser, but you can only filter http (not https).
            > >
            > >
            > >
            > > ------------------------------------
            > >
            > > For unsubscribing, mailing list rules and posting guidelines please see:
            > > http://dansguardian.org/?page=mailinglistYahoo! Groups Links
            > >
            > >
            > >
            >
            >



            --
            God Bless


            [Non-text portions of this message have been removed]
          Your message has been successfully submitted and would be delivered to recipients shortly.