My recommendation would be to set all of the browsers to point to squid porxy. Then after everyone is pointed to the proxy allow only the proxy to use port 80 out on the firewall. This will keep the roll out smooth and then keep anyone with a mis-configured browser from getting out on the internet. On Wed, 2006-11-01 at 16:10 -0700, JT Moree wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I went back and read thru the earlier posts. Let me make sure I > understand the situation completely. > > You have a network. There is a firewall. There is a separate proxy > server running squid and squidguard. > > If a user sets up the proxy settings in his browser to use the proxy > server then all traffic is properly handled by all systems and the user > really does get proxied. If the user goes to a blacklisted site (in > squidguard blacklists) he is blocked etc. etc. > > If that is all correct then the next step is that you want to STOP users > from getting through the firewall directly so as to force the traffic > through squid. > > OR you have the firewall checking with squid to allow or deny the user > based on squid's response--but this is less common i think. > > Once you have stopped all direct traffic going directly through the > firewall make sure the proxy can still get through the firewall. > > After you have stopped all direct traffic then work on transparently > redirecting traffic to the squid box. > > Note: i found this on the net > http://www.squid-cache.org/mail-archive/squid-users/200403/1003.html > > I don't know if this will help or not but it helps me to go over a > problem from start to finish to see if I have missed anything. > > - -- > JT Morée > PC Xperience, Inc. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFSSll1JwGi/ukQqERAjfxAJwJJek7/ZddqHGtlVOUvAfouLUaWQCfRugy > qYNPicGB2B25cU7jc/8YL1o= > =pvDL > -----END PGP SIGNATURE----- > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss