Michel Kohl wrote:
> I think the best would be to set up a Squid proxy server.
> You should then configure the firewall so that only the proxy server can
> "browse" on port 80.

And then direct DNS requests to port 80?

> On the proxy server, you can easily configure access groups and allow or
> deny URL regular expressions.

Would Squid also look inside DNS request and answer packets? I want to
filter DNS requests, not HTTP traffic.

> But you know, if you allow Google and deny all other domains, the users
> won't be able to follow links in Google's search results?

That was just an example. The real application is to provide DNS
services to a DMZ but to filter which DMZ machine can do which name
resolution.

Regards,
-pu