Restricting access to particular port

 
 
Anindra
Guest
Posts: n/a

 
      01-10-2004, 10:26 AM
I have a Pentium-4 based PC with 2 NICs. One NIC(IP 192.168.2.2) is
connected to the ISDN dial-up router and the other(IP 192.168.0.100)
is connected to the internal LAN. Users are given internet access
through this PC only. For Internet sharing, it is running SQUID and
for Content Filtering DANSGUARDIAN. The browsers on the client
computers are directed to IP 192.168.0.100 and Port 8000. DansGuardian
is listening on this port. Squid is listening on Port 3128. So user
requests are going out through dansguardian->squid->ISDN Router. But
if any user changes the port from 8000 to 3128 on a client machine
then that machine bypasses the dansguardian. So how do I restrict Port
3128 to be accessed only by dansguardian running on localhost and not
by any client machine's browser?
 
 
 
 
 
Till Bargheer
Guest
Posts: n/a

 
      01-10-2004, 10:45 AM
Anindra wrote:

> I have a Pentium-4 based PC with 2 NICs. One NIC(IP 192.168.2.2) is
> connected to the ISDN dial-up router and the other(IP 192.168.0.100)
> is connected to the internal LAN. Users are given internet access
> through this PC only. For Internet sharing, it is running SQUID and
> for Content Filtering DANSGUARDIAN. The browsers on the client
> computers are directed to IP 192.168.0.100 and Port 8000. DansGuardian
> is listening on this port. Squid is listening on Port 3128. So user
> requests are going out through dansguardian->squid->ISDN Router. But
> if any user changes the port from 8000 to 3128 on a client machine
> then that machine bypasses the dansguardian. So how do I restrict Port
> 3128 to be accessed only by dansguardian running on localhost and not
> by any client machine's browser?


Use the very mighty kernel-feature "iptables" - probably your kernel has
this ability. Search: "iptables & Documentation"!
Till
 
 
Michael Heiming
Guest
Posts: n/a

 
      01-10-2004, 02:14 PM
Anindra <(E-Mail Removed)> wrote:
[..]
> through this PC only. For Internet sharing, it is running SQUID and
> for Content Filtering DANSGUARDIAN. The browsers on the client
> computers are directed to IP 192.168.0.100 and Port 8000. DansGuardian
> is listening on this port. Squid is listening on Port 3128. So user
> requests are going out through dansguardian->squid->ISDN Router. But
> if any user changes the port from 8000 to 3128 on a client machine
> then that machine bypasses the dansguardian. So how do I restrict Port
> 3128 to be accessed only by dansguardian running on localhost and not
> by any client machine's browser?


Tag Name http_port
Usage

http_port port
hostname: port
1.2.3.4 : port

Description
This tag name is used to specify the socket addresses where Squid
will listen for HTTP client requests. Multiple socket addresses
can be specified. There are three forms: port alone, hostname
with port, and IP address with port. If hostname or IP address is
specified, then Squid binds the socket to that specific address.
[..]

Change in squid.conf http_port and restart squid.

http_port 127.0.0.1:3128

Wonder if you tried looking at the squid docs before posting?

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM
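
An added check, not part of the original posts: after setting `http_port 127.0.0.1:3128` and restarting Squid, confirm from the gateway's socket table that port 3128 no longer listens on an address LAN clients can reach. The sample tables are constructed in `/proc/net/tcp` layout, and the decoding assumes a little-endian (x86) host and IPv4 only; the function names are illustrative.

```python
import ipaddress
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample: before the change Squid listens on 0.0.0.0:3128 (0x0C38)
# and DansGuardian on 0.0.0.0:8000 (0x1F40); row 2 is an established client
# connection to 192.168.0.100:8000 and must be ignored.
SAMPLE_BEFORE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000    23        0 1001 1
   1: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000    99        0 1002 1
   2: 6400A8C0:1F40 0B00A8C0:C350 01 00000000:00000000 00:00000000 00000000    99        0 1003 1
"""
# Constructed sample: same table after "http_port 127.0.0.1:3128" and a restart.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("00000000:0C38", "0100007F:0C38")


def listeners(proc_net_tcp_text):
    """Yield (ip, port) for every IPv4 socket in LISTEN state."""
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16)


def exposed(proc_net_tcp_text, port):
    """Return the non-loopback addresses on which `port` is listening."""
    return [ip for ip, p in listeners(proc_net_tcp_text)
            if p == port and not ipaddress.ip_address(ip).is_loopback]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, "- 3128 exposed on:", exposed(text, 3128) or "loopback only")
    # On the gateway itself: exposed(open("/proc/net/tcp").read(), 3128)
```

An empty list for 3128 means only local processes such as DansGuardian can connect to Squid; port 8000 is expected to stay reachable from the LAN.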
 
 
Anindra
Guest
Posts: n/a

 
      01-12-2004, 05:39 AM
Till Bargheer <(E-Mail Removed)> wrote in message news:<btoo9d$jeq$00$(E-Mail Removed)>...
> Anindra wrote:
>
> > I have a Pentium-4 based PC with 2 NICs. One NIC(IP 192.168.2.2) is
> > connected to the ISDN dial-up router and the other(IP 192.168.0.100)
> > is connected to the internal LAN. Users are given internet access
> > through this PC only. For Internet sharing, it is running SQUID and
> > for Content Filtering DANSGUARDIAN. The browsers on the client
> > computers are directed to IP 192.168.0.100 and Port 8000. DansGuardian
> > is listening on this port. Squid is listening on Port 3128. So user
> > requests are going out through dansguardian->squid->ISDN Router. But
> > if any user changes the port from 8000 to 3128 on a client machine
> > then that machine bypasses the dansguardian. So how do I restrict Port
> > 3128 to be accessed only by dansguardian running on localhost and not
> > by any client machine's browser?

>
> Use the very mighty kernel-feature "iptables" - probably your kernel has
> this ability. Search: "iptables & Documentation"!
> Till


Could you elaborate on this a little pls. I have tried my hands on
this but without success. I'm using RHL9.
 