emrys404 n00b
Joined: 18 Oct 2004 Posts: 50
|
Posted: Wed May 10, 2006 12:52 am Post subject: Lock down kiosk to only view one website |
Hello,
I need to lock down a machine and only allow users to view one remote website (https & http), and attempts to view other websites to just be redirected back to the original site (this part is not as important as only allowing a single website).
At first I tried to use iptables, but the IP of the website is unique but not static and I don't know when it might change. So iptables is out, I think.
Then I looked into squid and found the following rule to block all websites but one:
# yahoo.com being, in this case, the only site I want the user to be able to view
acl allowed_sites dstdomain .yahoo.com
acl all_others dst 0.0.0.0/0.0.0.0
http_access allow allowed_sites
http_access deny all_others
But then I couldn't get it to work, or maybe I couldn't figure out how to get all the traffic routed through squid?
Anyway it seems like such a simple thing... Can anyone give me any hints/suggestions/etc?
Thanks in advance,
Emrys _________________ -blar |
jk3us Apprentice
Joined: 14 Mar 2005 Posts: 201 Location: Memphis, TN
|
emrys404 n00b
Joined: 18 Oct 2004 Posts: 50
|
Posted: Thu May 11, 2006 1:19 am Post subject: |
Excellent! Thank you so very much! Okay, one last problem remains:
It works perfectly when I connect through the machine with another box, but how do I make it so the computer where the squid and iptables rules are running is subject to them as well? In other words, how can I get the machine with squid installed to route its own traffic through its proxy?
Thanks much!
Emrys
emrys404 n00b
Joined: 18 Oct 2004 Posts: 50
|
Posted: Thu May 11, 2006 2:54 am Post subject: |
What do I edit, or what additional rule can I add to this, that will also route the packets generated from the machine that has squid and the iptables rules installed?
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Thanks
emrys404 n00b
Joined: 18 Oct 2004 Posts: 50
|
Posted: Thu May 11, 2006 5:16 pm Post subject: |
Anyone?
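On the question above about traffic generated on the Squid machine itself: PREROUTING only sees packets arriving from other hosts, while locally generated packets pass through the nat table's OUTPUT chain. The script below is an added example, not part of the original thread. It assumes Squid runs as a dedicated user named squid, listens on port 3128 in transparent mode, and that the kiosk browser runs as a different user; the function name kiosk_rules is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: proxy account "squid",
# proxy port 3128, kiosk browser running under some other local account.
# The function only prints the rules so they can be reviewed before use;
# to apply them as root:  kiosk_rules squid 3128 | sh

kiosk_rules() {
    proxy_user=$1
    proxy_port=$2
    # Refuse anything that is not a plain account name / numeric port,
    # since the values end up inside commands that may be piped to a shell.
    case $proxy_user in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case $proxy_port in ''|*[!0-9]*) return 1 ;; esac

    cat <<EOF
# nat/OUTPUT is the chain that sees locally generated packets.
# Leave loopback traffic alone.
iptables -t nat -A OUTPUT -o lo -j ACCEPT
# Squid's own outbound requests must not be redirected back to Squid (loop).
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $proxy_user -j ACCEPT
# Every other local process: port 80 goes to the local proxy.
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port $proxy_port
# HTTPS is not covered by the port-80 redirect, so only the proxy account
# may open port 443 directly; other users are refused and have to reach
# HTTPS sites through the proxy, where the http_access rules apply.
iptables -A OUTPUT -p tcp --dport 443 -m owner --uid-owner $proxy_user -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
EOF
}

# Print the rule set for the assumed defaults.
kiosk_rules squid 3128
```

The owner match only works in the OUTPUT and POSTROUTING chains, which is why the exemption for Squid is written there and not in PREROUTING.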