  1. #1


    Force Proxy Use (Not ISA)

    Hi,
    We've got a public IP on our router but stopped using it when the kids discovered they could plug in a network cable, not use a proxy and get straight out to the internet.
    Is there a way to force use of a proxy server (at the ISP)? We don't have ISA. Need to enable the public IP for remote access.
    Thanks
    Last edited by karldenton; 15th June 2009 at 04:15 PM.

  2. #2


    tom_newton
    Would have to be some sort of firewall rule. Block all/most IPs from any outbound traffic except <proxy port> to <proxy IP>

  3. #3
    lbradley
    Force it in Group Policy and turn access to Internet Options off. Suppose they could still use USB Firefox then, though.

  4. #4
    Face-Man
    I assume that the kids are using their own equipment. If not, and it is a Windows domain, use GPO in AD to enforce your security policies. I would stop their equipment by using reserved IP addresses on the equipment you know about so they can't get an IP from DHCP.

  5. #5

    Yeah, the machines are their own laptops.

  6. #6

    Geoff
    The best solution short of NAC would be a firewall that has a rule that redirects all port 80/443 traffic to a transparent proxy. This is set to allow things like Java/Quicktime/Windows Updates through without authentication but stomp on anything else. On the block page you could put info on how to set up personal machines for the school proxy.
    Last edited by Geoff; 16th June 2009 at 03:39 PM.

  7. #7

    Buy ISA and install it. It's relatively cheap for schools and, if you're letting users use their own laptops, it will also save your internal network from endless harm by restricting access to whichever parts you choose.

  8. #8

    localzuk
    You need some form of firewall device to act as your router. Something like Smoothwall Express or IPCop will do this job, and allow you to enable transparent proxying also.

  9. #9

    Any more ideas on this?
    Got VPN working fine over the holidays. Just need to stop pupils connecting their own equipment and connecting without a proxy.
    Tried setting a rule on the firewall to block all traffic except that going to Redstone IP addresses - works fine for a while, then something must change at Redstone and you've got to turn the setting off.
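
Added example (not part of any post in this thread): the allowlist rule suggested in post #2 and tried in post #9, written as a generator for an `iptables-restore` ruleset on a Linux gateway. The interface names, port 8080 and the 203.0.113.x addresses are constructed placeholders; keeping the proxy addresses in a single argument list means a change of address at the ISP is a one-line edit and re-apply rather than switching the rule off.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that lets LAN clients reach
# only the upstream proxy. All names and addresses below are assumptions.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_egress_rules LAN_IF WAN_IF PROXY_PORT PROXY_IP...
gen_egress_rules() {
    [ "$#" -ge 4 ] || { echo "need at least one proxy address" >&2; return 1; }
    lan_if=$1; wan_if=$2; port=$3; shift 3
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # Validate the whole list before printing, so a typo never produces a
    # partial ruleset and the previously applied rules stay in force.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad proxy address: $ip" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Clients set up for an explicit proxy need no outbound DNS of their own.
    for ip in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan_if -o $wan_if -p tcp -d $ip --dport $port -j ACCEPT"
    done
    # Log, then actively refuse, anything that tries to go out directly.
    printf '%s\n' \
        "-A FORWARD -i $lan_if -o $wan_if -j LOG --log-prefix \"egress-bypass: \"" \
        "-A FORWARD -i $lan_if -o $wan_if -p tcp -j REJECT --reject-with tcp-reset" \
        'COMMIT'
}

# Constructed sample: eth1 = LAN, eth0 = WAN, proxy on 8080 at two
# documentation-range addresses.
gen_egress_rules eth1 eth0 8080 203.0.113.10 203.0.113.11
```

The output is meant to be piped to `iptables-restore`, which replaces the whole filter table, so any existing INPUT rules on the gateway (for example for the VPN) have to be merged in first.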

  10. #10

    Could I put the router on a different IP Range? That would stop them getting out but then need to route traffic to the new IP?

  11. #11
    krisd32
    You could put 2 network cards in a box with Smoothwall Express on it; one card will have the external (public) address, and create a new internal IP range. Smoothwall can sort the routes out for you. Or you can do the same with ISA etc... depends on how much you want to spend!

  12. #12

    I'd rather not spend anything if possible! Our ISP do the filtering, router does the firewall rules and VPN. Just need to stop the students connecting outwards.
    Changes in DHCP?

  13. #13
    ChrisH
    Smoothwall Express is the free version.

  14. #14
    krisd32
    The way I explained doesn't allow access without going through an internal proxy first. Like ChrisH said, Smoothwall Express is the free version, but there are paid-for alternatives like ISA which in essence would do the same job. You'd change your internal DHCP addressing to a different range so the kids have no chance of getting out on the internet without the proxy settings inserted.

  15. #15

    Yeah, we've got the Smoothwall School Guardian on trial at the moment.
    Sorry for sounding dumb but:
    Our internal network at the moment is 192.168.42.*
    So install Express.
    Keep internal network the same but change router to a different range, e.g. 192.168.1.1
    Get Smoothwall to do the routes. Can you set an upstream proxy in Smoothwall so it's filtered by our ISP too?
