We have a small network at work consisting of about 16 PCs and one server (Win2k server). We used to have an ISDN modem for our Internet connection which was connected directly to the server. We have Sophos virus checker on the server, plus a firewall.
Now we have broadband and the company who set it up have plugged it into the fax line, fair enough. But this line is far away from the server and it is plugged into the Ethernet network. That now means that anybody can bypass the fileserver (i.e. the proxy) and connect directly to the ADSL router. Which also means bypassing the firewall and virus scanner. While we have set up the PCs to use the proxy server, we can't guarantee that the "clever" ones amongst us will never change it to suit them.
An additional problem we now have is that we have a custom designed software fault tracking system which is accessible by us and by our customers via the Internet. The database is off-site on another server. The software here is supposed to connect through port 3306. And it does... most of the time. However, it is very slow. Somebody managed to frig it so that it connects directly to the router and it is lightning fast. However, we're now back to the bypassing-the-firewall-and-virus-checker problem.
The connection speed is 2Mbps, in theory 4x faster than mine at home, yet slower in practice.
So my questions are:
1. How can we stop people connecting directly to the router?
2. How can we configure the router to only accept requests from the proxy server?
3. How can we block ports like MSN Messenger if (2) can't be done? (I know how to do it on Win2kServer, but somebody is bypassing it.)
4. Any ideas why the proxy server would slow things down to a crawl?