Dedicated Linux Box to restrict internet access.

I have a network of 20 computers running mostly Win2k and I want to limit where people can go on the Internet to only about 5 to 10 sites. Is it possible to achieve this with a Linux firewall, filtering out all the traffic except for that coming from the sites that I want? If yes, then how do I do this?
alex-n-bill Asked:
peteysa Commented:
Good Day,


A Squid proxy server would be ideal to block access to all sites but what you allow. The proxy server would "proxy" all web connections, perform content caching, and allow you to implement access policies for different sites.

In this setup the server would not have to act as a firewall, but you would need a firewall to restrict Internet access to only from the Squid proxy server box.

Squid proxy server is packaged in most releases of Linux.

Cheers!

Dan
0
Luxana Commented:
Did you try using iptables to block all incoming requests for your websites?

http://www.linuxguruz.com/iptables/howto/
0

alex-n-bill Author Commented:
Do I really need a proxy server, or is a firewall enough? If I need to set up a firewall to block everything but a connection to the proxy, why don't I do the same for 5 additional IP addresses? What would be the iptables command to block all Internet access except for 5 specified IP addresses? On the other hand: is a proxy server going to be easier to configure than an iptables firewall?
0
peteysa Commented:
Hey Alex,

iptables is easiest; the problem with doing straight iptables is that the addresses of the websites may change, which will require a change to your iptables rules, but you will have to configure your entire network to flow through the firewall.

I would recommend using Webmin to manage your iptables rules and for most of your administrative tasks on the Linux server.

Cheers,

Dan
0
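The iptables rules Alex asks about, as an added example that is not from any of the posts above: a POSIX shell script for a dedicated Linux gateway that forwards LAN web traffic only to a fixed list of destination addresses (plus DNS) and logs and drops everything else. The interface names, LAN subnet, resolver and allowed addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from this thread): generate, and optionally load, iptables
# rules for a dedicated Linux gateway that forwards LAN traffic only to a short
# list of destination addresses. Without arguments it prints the rules; run it
# as root with --apply to load them. All names and addresses are placeholders.
LAN_IF="eth1"                 # NIC facing the workstations (assumption)
WAN_IF="eth0"                 # NIC facing the Internet (assumption)
LAN_NET="192.168.1.0/24"      # workstation subnet (constructed)
RESOLVER="203.0.113.53"       # ISP DNS server clients may query (constructed)
ALLOWED_SITES="203.0.113.10 203.0.113.11 198.51.100.20"  # constructed, RFC 5737

# Print one iptables command per line for the given list of destination IPs.
build_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # replies to connections the LAN side opened
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # name resolution, so browsers can still resolve the allowed hostnames
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $RESOLVER -p udp --dport 53 -j ACCEPT"
    # one HTTP/HTTPS rule per permitted destination address
    for site in "$@"; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $site -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done
    # rate-limited log of what is refused, then an explicit drop (the policy drops too)
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 5/min -j LOG --log-prefix \"FWD-DENY: \""
    echo "iptables -A FORWARD -j DROP"
    # hide the LAN behind the gateway's public address
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Number of ACCEPT rules emitted: 2 fixed rules plus one per allowed site.
count_accepts() { build_rules "$@" | grep -c -- '-j ACCEPT'; }

if [ "${1:-}" = "--apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward   # enable routing between the NICs
    build_rules $ALLOWED_SITES | sh -e
else
    build_rules $ALLOWED_SITES
fi
```

Because the whitelist is by address, the rules must be regenerated whenever a site's IP changes, which is the limitation Dan describes; a Squid whitelist by hostname avoids that.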

Luxana Commented:
Or there is another, and I think the best, solution, because if you want to reject a web page such as yahoo.com then you need to reject many IP addresses. Instead of that you can use

http://www.censornet.com/

0
shlomilev Commented:
hey there,

First solution of mine,
ok here it goes.
First of all, do what the others did with the iptables.
Moreover, as you say it's a dedicated Linux PC for the network, you can download IPCop or Smoothwall at:
IPCop: http://www.ipcop.org
Smoothwall: http://www.smoothwall.org

These are good firewalls.

Here's the configuration:

IPCop and Smoothwall define up to three network interfaces: RED, GREEN and ORANGE.

GREEN: This interface only connects to the computer(s) that the firewall is protecting. It is presumed to be local. Traffic to it is routed through an Ethernet NIC on the computer firewall.

ORANGE: This optional network allows you to place publicly accessible servers on a separate network. Computers on this network cannot get to the GREEN network, except through tightly controlled "DMZ pinholes". Traffic to this network is routed through an Ethernet NIC. The ORANGE NIC must be different from the GREEN NIC.

RED: This network is the Internet or other untrusted network. The firewall's primary purpose is to protect the GREEN and ORANGE networks and their computers from traffic originating on the RED network. Your current connection method and hardware are used to connect to this network.

There are two combinations allowed in the firewall. GREEN, RED is the typical network combination specified for home and small offices. GREEN, ORANGE, RED is only specified when you wish to run publicly accessible servers.

Since the RED interface can connect either by modem or by Ethernet, there are four Network Configuration Types:

GREEN (RED is modem/ISDN)
GREEN + ORANGE (RED is modem/ISDN)
GREEN + RED (RED is Ethernet)
GREEN + ORANGE + RED (RED is Ethernet)

Most connections are going to be GREEN + RED. So if you are setting it up, the GREEN is going to the computer or router. So when it asks for the IP address for the green, it will be the IP of the computer or firewall. RED is going to be the IP of the incoming line (the cable modem or the T1/ISDN line).

That's the basics of it. You connect the cables into the Ethernet cards and you're ready to go.

Cheers

Sean
0
dgdubya Commented:
I've used Squid and an open source product, DansGuardian, to filter Internet access. You can download DansGuardian at http://dansguard.org. You might also consider using Smoothwall and/or SmoothGuardian to solve your problem. You can get Smoothwall at http://www.smoothwall.org/.

Cheers,

Don

0