How do I force all software to use proxy?

I have a system that currently uses a proxy server to access HTTP, FTP, and
HTTPS, etc, but if any new software is added to the PC after it leaves me to
new location on the same LAN, how can I make sure nothing is able to connect
out without going through my proxy setup? I want to ensure that nothing
that is added later. Can I do anything on the system that will stop any
connections by any software, apart from those via proxy? I really need some
help on this one. Many Thanks.

Oh the system is Windows XP Pro, by the way...

Tony




Tony

"Tony" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a system that currently uses a proxy server to access HTTP, FTP,
> and HTTPS, etc,

Do you mean you have one PC which uses a proxy server (running on another
computer) for HTTP etc?

> but if any new software is added to the PC after it leaves me to new
> location on the same LAN,

I can't make sense of this.

> how can I make sure nothing is able to connect out without going through
> my proxy setup?

Either by not giving the PC a gateway to use, or by using a packet filter on
the PC (or its gateway).

Alex

"Alex Fraser" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Tony" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> I have a system that currently uses a proxy server to access HTTP, FTP,
>> and HTTPS, etc,
>
> Do you mean you have one PC which uses a proxy server (running on another
> computer) for HTTP etc?
>
>> but if any new software is added to the PC after it leaves me to new
>> location on the same LAN,
>
> I can't make sense of this.
>
>> how can I make sure nothing is able to connect out without going through
>> my proxy setup?
>
> Either by not giving the PC a gateway to use, or by using a packet filter
> on
> the PC (or its gateway).
>
> Alex
>

Sorry Alex, its one thing having a question to ask, and another thing
getting the question asked in a manner that everyone understands. Let me
start again.... I have LAN network here, with three computers on it, one
runs all the time and we access the internet via that computer. I'm
currently testing CCProxy which allows each of the other computers on the
LAN to access the Internet, HTTP, FTP, and all the other protocols via the
proxy address. Now what I want to do, is ensure that if any new programs
are installed on any of the computers that are accessing the net via the
proxy, they go via the proxy... so that all activity and bandwdth can be
controlled and monitored using CCProxy. I understand that if any new
programs are installed later on, then unless they are configured to use
CCproxy, then they will just connect directly without the proxy and this is
what I don't want to happen.

What I would like to happen is, if any new software is installed, it wont
work at all unless it is configured to use CCproxy. I have just installed a
new program here (WinMX), and left it unconfigured regarding the proxy
settings, and it works fine... I would ideally like to force EVERYTHING to
use proxy as the only option there is.... or fail to work. Is that any
clearer Alex ???

Tony

In article <(E-Mail Removed)>, "Tony" tony3288795628
@mail2me.com says...
<snip>
>
> Sorry Alex, its one thing having a question to ask, and another thing
> getting the question asked in a manner that everyone understands. Let me
> start again.... I have LAN network here, with three computers on it, one
> runs all the time and we access the internet via that computer. I'm
> currently testing CCProxy which allows each of the other computers on the
> LAN to access the Internet, HTTP, FTP, and all the other protocols via the
> proxy address. Now what I want to do, is ensure that if any new programs
> are installed on any of the computers that are accessing the net via the
> proxy, they go via the proxy... so that all activity and bandwdth can be
> controlled and monitored using CCProxy. I understand that if any new
> programs are installed later on, then unless they are configured to use
> CCproxy, then they will just connect directly without the proxy and this is
> what I don't want to happen.
>
> What I would like to happen is, if any new software is installed, it wont
> work at all unless it is configured to use CCproxy. I have just installed a
> new program here (WinMX), and left it unconfigured regarding the proxy
> settings, and it works fine... I would ideally like to force EVERYTHING to
> use proxy as the only option there is.... or fail to work. Is that any
> clearer Alex ???
>
How do they connect to the internet without using the proxy? Are you
running a software NAT router like ICS or WinRoute?

"Rob Morley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <(E-Mail Removed)>, "Tony" tony3288795628
> @mail2me.com says...
> <snip>
>>
>> Sorry Alex, its one thing having a question to ask, and another thing
>> getting the question asked in a manner that everyone understands. Let me
>> start again.... I have LAN network here, with three computers on it, one
>> runs all the time and we access the internet via that computer. I'm
>> currently testing CCProxy which allows each of the other computers on the
>> LAN to access the Internet, HTTP, FTP, and all the other protocols via
>> the
>> proxy address. Now what I want to do, is ensure that if any new programs
>> are installed on any of the computers that are accessing the net via the
>> proxy, they go via the proxy... so that all activity and bandwdth can be
>> controlled and monitored using CCProxy. I understand that if any new
>> programs are installed later on, then unless they are configured to use
>> CCproxy, then they will just connect directly without the proxy and this
>> is
>> what I don't want to happen.
>>
>> What I would like to happen is, if any new software is installed, it wont
>> work at all unless it is configured to use CCproxy. I have just
>> installed a
>> new program here (WinMX), and left it unconfigured regarding the proxy
>> settings, and it works fine... I would ideally like to force EVERYTHING
>> to
>> use proxy as the only option there is.... or fail to work. Is that any
>> clearer Alex ???
>>
> How do they connect to the internet without using the proxy? Are you
> running a software NAT router like ICS or WinRoute?

What I am trying to do is create an environment on my home LAN, that allows
me to control bandwidth, allowed URL's, and complete monitoring of all
websites accessed. CCProxy looks like it will be able to do this, but the
problem is, how do I stop the kids bypassing it.... All new programs
installed on their computer will not use CCProxy, but instead make a direct
connection without using CCProxy. Anyone know how I can stop this??

Tony

"Tony" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Rob Morley" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) t...
> > How do they connect to the internet without using the proxy? Are you
> > running a software NAT router like ICS or WinRoute?
>
> What I am trying to do is create an environment on my home LAN, that
> allows me to control bandwidth, allowed URL's, and complete monitoring of
> all websites accessed. CCProxy looks like it will be able to do this,
> but the problem is, how do I stop the kids bypassing it.... All new
> programs installed on their computer will not use CCProxy, but instead
> make a direct connection without using CCProxy.

This is clear now.

> Anyone know how I can stop this??

Firstly, by answering Rob's second question above .

If you are using ICS, and there is no need for any computer other than the
one with ICS enabled to have direct access, then the answer is simple:
disable ICS.

If you are using ICS, but the above does not apply, then there are a few
possibilities that spring to mind:

- Set up the machine that you don't want to have access with static IP
configuration, and do not specify a default gateway. Make sure the kids
do not have administrative privileges on the machine, if they are
knowledgeable enough to get it working without the proxy. This is the
simplest solution.

- Install firewall software that has packet filtering capability on the
machine that you don't want to have access, and configure it
appropriately. (I, and no doubt others, could assist with this.) Again,
make sure the kids cannot alter the settings if they are knowledgeable
enough to do so.

- Install firewall software that has packet filtering capability on the PC
that is directly attached to the Internet and configure it appropriately.
Yet again, make sure the kids can't fiddle with the settings if
necessary. This is the best solution for Windows that doesn't involve
buying hardware.

- Buy a router that allows custom packet filter rules, and set that up.

Alex

"Tony" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

[...]

> What I am trying to do is create an environment on my home LAN, that
allows
> me to control bandwidth, allowed URL's, and complete monitoring of all
> websites accessed. CCProxy looks like it will be able to do this, but the
> problem is, how do I stop the kids bypassing it.... All new programs
> installed on their computer will not use CCProxy, but instead make a
direct
> connection without using CCProxy. Anyone know how I can stop this??
>


It may by solution for You...
http://www.avignu.org/IMG/png/lanfreesco.png
http://www.freesco.org/?L=overview
Running on old PC 486/16MB with two ethernet card and 1,44 floppy, setup and
configuration are simple...


--
---

"Alex Fraser" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Tony" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> "Rob Morley" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) t...
>> > How do they connect to the internet without using the proxy? Are you
>> > running a software NAT router like ICS or WinRoute?
>>
>> What I am trying to do is create an environment on my home LAN, that
>> allows me to control bandwidth, allowed URL's, and complete monitoring of
>> all websites accessed. CCProxy looks like it will be able to do this,
>> but the problem is, how do I stop the kids bypassing it.... All new
>> programs installed on their computer will not use CCProxy, but instead
>> make a direct connection without using CCProxy.
>
> This is clear now.
>
>> Anyone know how I can stop this??
>
> Firstly, by answering Rob's second question above .
>
> If you are using ICS, and there is no need for any computer other than the
> one with ICS enabled to have direct access, then the answer is simple:
> disable ICS.
>
> If you are using ICS, but the above does not apply, then there are a few
> possibilities that spring to mind:
>
> - Set up the machine that you don't want to have access with static IP
> configuration, and do not specify a default gateway. Make sure the kids
> do not have administrative privileges on the machine, if they are
> knowledgeable enough to get it working without the proxy. This is the
> simplest solution.
>
> - Install firewall software that has packet filtering capability on the
> machine that you don't want to have access, and configure it
> appropriately. (I, and no doubt others, could assist with this.) Again,
> make sure the kids cannot alter the settings if they are knowledgeable
> enough to do so.
>
> - Install firewall software that has packet filtering capability on the PC
> that is directly attached to the Internet and configure it appropriately.
> Yet again, make sure the kids can't fiddle with the settings if
> necessary. This is the best solution for Windows that doesn't involve
> buying hardware.
>
> - Buy a router that allows custom packet filter rules, and set that up.
>
> Alex

Not sure if you can help me further or not with this Alex, but the router in
use at the moment is a Netgear DG834G MkII which currently has DHCP enabled.
I'm not sure what you mean about having ICS enabled. There are currently
five machines on my network, all of which are assigned IP addresses using
DHCP (although) I have recently used the option within the router to reserve
IP addresses for named machines on the network, so I can now (at least) be
assured that I know exactly what IP address each machine is going to get.
(before I did this it was anyone's guess which machine had which address!!
as they were assigned on a 'first come first served basis). One machine is
used as the server, it runs Windows XP Pro, and has Apache, FTP access and
CCProxy ruuning. This machine uses 192.168.0.4 as its IP address on the
network, this machine is also wired directly to the router with a CAT5 cable
and stays connected to the internet 24/7. The other machines on my network
connect to the router using wireless 802.11g with 128bitWEP and MAC
filtering enabled. All machines are setup to be assigned IP's automatically
when they connect via wireless, but as I said earlier, they now always get
the same IP address as I have reserved an IP address for each machine name
within the router. With this in mind Alex, what do you think I should do to
stop the kids getting direct access as I really want ALL traffic to go via
CCProxy, so I can control bandwidth and monitor all activity from the kids
computer. Oh, by the way the kids PC uses 192.168.0.5 as its IP. I hope I
have explained the setup clearly.

One other thing whilst I'm on the subject of IP assignment etc... Now I have
reserved IP addresses on the network in the outer, I am assuming I can turn
DHCP off?? Would I be correct in this assumption?

Tony

In MsgID<(E-Mail Removed)> within uk.comp.home-networking,
'Tony' wrote:

>CCProxy looks like it will be able to do this, but the
>problem is, how do I stop the kids bypassing it....

Keep them in a padded cell, don't allow them out to school, don't allow
them to read any of the dozens of magazines that regularly mention ways
for youngsters to get around petty restrictions.

Whatever you do keep them away from usenet, where old gits with a clue
(such as myself) will delight in telling them exactly how to escape from
the claustrophobic environment they had the misfortune to be born into.

In general, if you completely shut them away from the world then they
should be 'safe' and you will be able to cease worrying about the dangers
of them learning anything. It might also be advisable to reduce your own
use of the internet, as they may look over your shoulder at some point and
realise how easy it is to access anything they choose to find out about.

If you'd have been my parent I'd have brought your system crashing to its
knees just for the fun of it, so letting them near any of your computers
at any time of the day could be an additional risk that you should assess
carefully.

--
Dave Johnson - (E-Mail Removed)

"Tony" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Not sure if you can help me further or not with this Alex, but the router
> in use at the moment is a Netgear DG834G MkII which currently has DHCP
> enabled.

Ah, OK.

> I'm not sure what you mean about having ICS enabled.

Not relevant given that you have a router.

> There are currently five machines on my network, all of which are
> assigned IP addresses using DHCP (although) I have recently used the
> option within the router to reserve IP addresses for named machines on
> the network, so I can now (at least) be assured that I know exactly what
> IP address each machine is going to get.
[snip]
> With this in mind Alex, what do you think I should do to stop the kids
> getting direct access as I really want ALL traffic to go via CCProxy, so
> I can control bandwidth and monitor all activity from the kids computer.

One option is the first of those I mentioned in my previous post: set up the
machine that you don't want to have access with static IP configuration, and
do not specify a default gateway. As I said, if you think the kids know (or
might work out) how to alter these settings, you need to prevent them from
doing so by not giving them administrative privileges on the machine. I'd
recommend this anyway, although it can cause problems with some software
(older software especially).

Given that you have reserved the address 192.168.0.5 for the kids' PC in the
router, and assuming the router is configured with the default LAN-side
subnet mask, all you need to do on the machine is:

- Bring up the properties for the network connection.
- Select TCP/IP and click Properties to set the TCP/IP properties.
- Select "Specify an IP address" (or words to that effect).
- Enter the address as 192.168.0.5, and subnet mask 255.255.255.0.
- Click "OK" to accept the TCP/IP Properties changes.
- Click "OK" in the network connection properties window.

How does that sound?

Your router appears to be quite configurable, and using it would allow more
precise control, but it's correspondingly more difficult to set up.

[snip]
> One other thing whilst I'm on the subject of IP assignment etc... Now I
> have reserved IP addresses on the network in the outer, I am assuming I
> can turn DHCP off?? Would I be correct in this assumption?

No, it's best to leave DHCP active on both the PCs and router if you reserve
IP addresses on the router - except if you can't avoid it, as on the kids'
machine if you follow the above. As the PCs boot up, they will request a
DHCP lease by sending a packet which the router picks up. The router checks
the MAC address and offers either the reserved IP address (if there is an
entry for the MAC address), or an available address from the DHCP pool.

Alex