none
how to force user to use proxy to surf internet

    Question

  • Dear All:

    I am running win 2003 server ip 192.168.1.11 ,  DHCP service. DNS service

    the domain user get this ip in their local pc
    IP: 192.168.1.XXX
    mask: 255.255.255.0
    gateway is 192.168.1.2
    dns: 192.168.1.11

    I install another winxp 192.168.1.100 running squid as proxy server, so no matter the user use IE or firefox, I can control their internet access.

    but if the user don't use proxy, they can select to uncheck this option, then i cannot control them anymore, because the gateway 192.168.1.2 allow anything.

    so how can I force the domain user to use proxy server 192.168.1.100 to surf internet? Thanks.





    Tuesday, June 23, 2009 10:45 AM

Answers

  •   No, you do not set the proxy server IP as a gateway. Using a proxy server is quite different from using a routed connection.

       With a routed connection, the client is not aware that it is not directly connected to the Internet. It simply sends its request on the Ethernet. The router (the default gateway) determines what happens to the request. If it is a NAT router, it will forward the request to the target site using its own public IP address and relay the reply to the client on the private LAN.

       With a proxy server, the client is aware that it is using a proxy server and knows the proxy server's IP address. It sends its requests directly to the proxy server using the proxy client software. The client does not need a default gateway because nothing is routed from the client to the Internet. Only the proxy server needs Internet access.

    Bill
    Sunday, August 02, 2009 6:07 AM

All replies

  •  

    Yes can be done using Group  Policies

    http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1230939_mem1,00.html


    http://technetfaqs.wordpress.com
    Tuesday, June 23, 2009 2:39 PM
  • Hello,

    use Group policy settings "Internet explorer maintenance":
    http://technet.microsoft.com/en-us/library/cc754834(WS.10).aspx
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, June 23, 2009 3:58 PM
  •   You could change the DHCP settings to not give them a gateway setting. Everything on the LAN will work fine without it. It is only needed to get beyond the local subnet.
    Bill
    Wednesday, June 24, 2009 12:12 AM
  • Hi Syed and Meinolf:

    Use this Internet explorer maintenance only can control IE only, if the user use other browse like firefox, the connection still NO Proxy.

    is it a way can force use the proxy base on IP address or Mac address?

    Thanks.
    Wednesday, June 24, 2009 2:32 AM
  • hi Bill:

    Q1: how about he MSN or outlook, is this still working fine without the gateway?

    Q2: Can I set the proxy server IP as the gateway, since we can don't set the gateway, means we can use the fate gateway IP also, am I right?

    Thanks.
    Wednesday, June 24, 2009 2:35 AM
  • hi there,

    Please understand that you require default gateway for the clients to browse MSN or outlook or any application / website / ftp site which is outside your subnet.


    sainath !analyze
    Saturday, August 01, 2009 4:50 PM
    Moderator
  •   No, you do not set the proxy server IP as a gateway. Using a proxy server is quite different from using a routed connection.

       With a routed connection, the client is not aware that it is not directly connected to the Internet. It simply sends its request on the Ethernet. The router (the default gateway) determines what happens to the request. If it is a NAT router, it will forward the request to the target site using its own public IP address and relay the reply to the client on the private LAN.

       With a proxy server, the client is aware that it is using a proxy server and knows the proxy server's IP address. It sends its requests directly to the proxy server using the proxy client software. The client does not need a default gateway because nothing is routed from the client to the Internet. Only the proxy server needs Internet access.

    Bill
    Sunday, August 02, 2009 6:07 AM