• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1065

Dedicated Linux Box to restrict internet access.

I have a network of 20 computers running mostly Win2k and I want to limit where people can go on the Internet to only about 5 to 10 sites. Is it possible to achieve this with a Linux firewall, filtering out all the traffic except for that coming from the sites that I want? If yes, then how do I do this?
Asked:
alex-n-bill
2 Solutions
 
peteysa Commented:
Good Day,


A squid proxy server would be ideal to block access to all sites but what you allow.  The proxy server would "proxy" all web connections, perform content caching, and allow you to implement access policies for different sites.  

In this setup the server would not have to act as a firewall, but you would need a  firewall to restrict internet access to only from the squid proxy server box.  

Squid proxy server is packaged in most releases of linux.

Cheers!

Dan
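Added example, not from Dan's post or from the Squid project: a small shell script that generates the kind of squid.conf allowlist described above, using Squid's `src` and `dstdomain` ACLs with a final default deny. The domain names and LAN range are constructed placeholders; the script only prints the configuration, it does not install it.

```shell
#!/bin/sh
# Added example (not from the thread): print a minimal squid.conf that lets
# LAN clients reach only an allowlist of destination domains.
# Assumes Squid's standard ACL keywords (acl, src, dstdomain, port, http_access).

ALLOWED_DOMAINS="${ALLOWED_DOMAINS:-.example.com .example.org .example.net}"  # constructed
LAN_NET="${LAN_NET:-192.168.1.0/24}"                                           # constructed

gen_squid_conf() {
  # $1 = space-separated domains, $2 = LAN network in CIDR form
  domains=$1; lan=$2
  printf 'http_port 3128\n'
  printf 'acl lan src %s\n' "$lan"
  # A leading dot matches the domain itself and every host under it
  for d in $domains; do
    printf 'acl allowed_sites dstdomain %s\n' "$d"
  done
  printf 'acl Safe_ports port 80 443\n'
  # Refuse anything that is not plain web traffic
  printf 'http_access deny !Safe_ports\n'
  # Both ACLs on one line must match: LAN source AND allowed destination
  printf 'http_access allow lan allowed_sites\n'
  # Default deny: everything not explicitly allowed above is refused
  printf 'http_access deny all\n'
}

# Self-check helper: how many dstdomain entries did we emit?
count_site_acls() {
  gen_squid_conf "$1" "$2" | grep -c '^acl allowed_sites dstdomain '
}

gen_squid_conf "$ALLOWED_DOMAINS" "$LAN_NET"
```

Matching on the destination name rather than on addresses is what makes a proxy allowlist survive a site moving to a new IP. The proxy only enforces anything if the workstations cannot bypass it, so the firewall on the Linux box still has to drop outbound traffic from every LAN host except the proxy itself, as the post says.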
 
Luxana Commented:
Did you try using IPTABLES to block all incoming requests for your websites?

http://www.linuxguruz.com/iptables/howto/
 
 
alex-n-bill (Author) Commented:
Do I really need a proxy server, or is a firewall enough? If I need to set up a firewall to block everything but a connection to the proxy, why don't I do the same for 5 additional IP addresses? What would be the iptables command to block all internet access except for 5 specified IP addresses? On the other hand: is a proxy server going to be easier to configure than an iptables firewall?
 
peteysa Commented:
Hey Alex,

Iptables is easiest; the problem with doing straight iptables is that the addresses of the websites may change, which will require a change to your iptables rules, but you will have to configure your entire network to flow through the firewall.

I would recommend using Webmin to manage your iptables rules and for most of your administrative tasks on the Linux server.

Cheers,

Dan
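For the iptables command the asker requested, here is an added example that is not from the thread or from Dan: a shell script that generates an `iptables-restore` ruleset for the Linux box that routes for the LAN. Workstations may open HTTP/HTTPS connections only to the listed destination addresses, plus DNS to one resolver; every other forwarded connection attempt is logged and dropped. Interface names and addresses are constructed placeholders, and the script only prints the ruleset rather than loading it.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# lets LAN hosts reach only a fixed list of destination IPs. Review the output,
# then load it on the routing box with:  iptables-restore < rules.v4
# All addresses and interface names below are constructed placeholders.

LAN_IF="${LAN_IF:-eth1}"                  # interface facing the 20 workstations
WAN_IF="${WAN_IF:-eth0}"                  # interface facing the Internet
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"    # the one resolver LAN hosts may query
ALLOWED_IPS="${ALLOWED_IPS:-203.0.113.10 203.0.113.11 198.51.100.20}"

gen_forward_rules() {
  # $1 = LAN iface, $2 = WAN iface, $3 = DNS server, $4 = allowed destination IPs
  lan=$1; wan=$2; dns=$3; allowed=$4
  echo '*filter'
  echo ':FORWARD DROP [0:0]'     # default-deny for everything routed through the box
  echo ':SITES - [0:0]'          # user-defined chain holding the allowlist
  # Replies to connections the LAN already opened may come back in
  echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # New outbound connections from the LAN are checked against the allowlist
  echo "-A FORWARD -i $lan -o $wan -m state --state NEW -j SITES"
  # Name resolution, restricted to a single resolver
  echo "-A SITES -d $dns -p udp --dport 53 -j ACCEPT"
  echo "-A SITES -d $dns -p tcp --dport 53 -j ACCEPT"
  # Web traffic to each allowed address only
  for ip in $allowed; do
    echo "-A SITES -d $ip -p tcp -m multiport --dports 80,443 -j ACCEPT"
  done
  # Rate-limited log of refused attempts so blocked sites are visible in syslog
  echo "-A SITES -m limit --limit 5/min -j LOG --log-prefix \"FWD-DENY: \""
  echo '-A SITES -j DROP'
  echo 'COMMIT'
}

# Self-check helper: number of per-site ACCEPT rules emitted
count_allowed_rules() {
  gen_forward_rules "$1" "$2" "$3" "$4" | grep -c -- '--dports 80,443 -j ACCEPT'
}

gen_forward_rules "$LAN_IF" "$WAN_IF" "$DNS_SERVER" "$ALLOWED_IPS"
```

The workstations must use the Linux box as their default gateway for the FORWARD chain to see their traffic at all; if the box also does NAT, a separate `*nat` table with a POSTROUTING MASQUERADE rule is needed and is deliberately left out here. Dan's caveat applies directly: a site that changes address, or that answers from several addresses, silently falls out of an IP-based list like this, which is the case for a name-based allowlist on a proxy instead.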
 
Luxana Commented:
Or there is another, and I think the best, solution, because if you want to reject a web page such as yahoo.com then you need to reject many IP addresses. Instead of that you can use

http://www.censornet.com/

 
shlomilev Commented:
Hey there,
 
First solution of mine,
OK, here it goes.
First of all, do what the others did with iptables.
Moreover, as you say it's a dedicated Linux PC for the network, you can download IPCop or Smoothwall at:
IPCOP: http://www.ipcop.org
Smoothwall: http://www.smoothwall.org

These are good firewalls.

Here's the configuration:

IPCop and Smoothwall define up to three network interfaces: RED, GREEN and ORANGE.

GREEN: This interface only connects to the computer(s) that the firewall is protecting. It is presumed to be local. Traffic to it is routed through an Ethernet NIC on the computer firewall.

ORANGE: This optional network allows you to place publicly accessible servers on a separate network. Computers on this network cannot get to the GREEN network, except through tightly controlled "DMZ pinholes". Traffic to this network is routed through an Ethernet NIC. The ORANGE NIC must be different from the GREEN NIC.

RED: This network is the Internet or other untrusted network. The firewall's primary purpose is to protect the GREEN and ORANGE networks and their computers from traffic originating on the RED network. Your current connection method and hardware are used to connect to this network.

There are two combinations allowed in the firewall. GREEN, RED is the typical network combination specified for home and small offices. GREEN, ORANGE, RED is only specified when you wish to run publicly accessible servers.

Since the RED interface can connect either by modem or by Ethernet, there are four Network Configuration Types:

GREEN (RED is modem/ISDN)

GREEN + ORANGE (RED is modem/ISDN)

GREEN + RED (RED is Ethernet)

GREEN + ORANGE + RED (RED is Ethernet)

Most connections are going to be GREEN + RED. So if you are setting it up, the GREEN is going to the computer or router. So when it asks for the IP address for the GREEN, it will be the IP of the computer or firewall. RED is going to be the IP of the incoming line (the cable modem or the T1/ISDN line).

That's the basics of it. You connect the cables into the Ethernet cards and you're ready to go.

Cheers

Sean
 
dgdubya Commented:
I've used Squid and an open source product, Dansguardian, to filter internet access. You can download Dansguardian at http://dansguard.org. You might also consider using Smoothwall and/or Smootguardian to solve your problem. You can get Smoothwall at http://www.smoothwall.org/.

Cheers,

Don
