Koozali.org: home of the SME Server

Avoiding using SME as proxy server

albatroz

« on: June 20, 2005, 08:48:26 PM »
Hi!
I have an IPCOP firewall and an SME Box behind it, and I have created strict rules on the IPCOP Box. However, I am allowing the SME Box full web access (port 80) to the Internet, so it can be used as a web and webmail server and sometimes install contribs using wget.

This creates a risk: the SME Box can be used as a proxy to get full access to the web, bypassing my IPCOP rules.

What should I do in squid.conf to avoid this? Allow only web access from the SME LAN IP address?

cc_skavenger

« Reply #1 on: June 20, 2005, 10:33:00 PM »
If traffic does not go through the SME server, turn off squid.

Just an idea.

albatroz

« Reply #2 on: June 20, 2005, 10:39:43 PM »
But without squid, the SME Box may work as a NAT device... or am I wrong?

cc_skavenger

« Reply #3 on: June 21, 2005, 03:37:36 AM »
OK, you can bypass squid and still allow traffic with these commands:

/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/signal-event remoteaccess-update


This should tell SME not to pass things through squid. Then you can turn off the squid service with /etc/rc.d/init.d/squid stop so that no one can use port 3128 to proxy.

HTH
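
One way to check the result of the steps in the reply above, as an added example that is not part of the original thread: a shell helper that reads `ss -ltn` or `netstat -ltn` output and reports whether anything still listens on squid's port 3128 on a non-loopback address. The function names and both sample listener tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm nothing is reachable on the squid port.

# find_listeners PORT
# Reads an `ss -ltn` / `netstat -ltn` style table on stdin and prints
# "<local address> <loopback|exposed>" for every listener on PORT.
find_listeners() {
    awk -v port="$1" '
        /LISTEN/ {
            # The local address is the first field that ends in ":<port>".
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {
                    addr = $i
                    sub(":" port "$", "", addr)
                    scope = (addr ~ /^(127\.|\[?::1\]?$)/) ? "loopback" : "exposed"
                    print addr, scope
                    break
                }
            }
        }'
}

# proxy_exposed PORT
# Exit status 0 when stdin shows a non-loopback listener on PORT.
proxy_exposed() {
    find_listeners "$1" | grep -q ' exposed$'
}

# Constructed sample: squid still running and bound to all interfaces.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:25       0.0.0.0:*'

# Constructed sample: after the squid service has been stopped.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:25       0.0.0.0:*'

# On a live host, feed real output instead:  netstat -ltn | find_listeners 3128
printf '%s\n' "$SAMPLE_BEFORE" | proxy_exposed 3128 \
    && echo "before: port 3128 is reachable from the network"
printf '%s\n' "$SAMPLE_AFTER" | proxy_exposed 3128 \
    || echo "after: no exposed listener on port 3128"
```

Running the same check from cron or after a reboot shows whether the service has come back, since stopping it through the init script only affects the running instance.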