Secure Linux Gateway

How do I build a secure Linux gateway?

I have to restrict users from using specified web sites, set time limits for Internet usage, control bandwidth, prevent downloading, etc.

Kindly advise; an early response will be appreciated.

Regards
iTeamIndia Asked:

Lee W, MVP, Technology and Business Process Advisor Commented:
Have a look at Squid:
http://www.squid-cache.org/
iTeamIndia (Author) Commented:
Thanks for your reply. I have one question: can Squid act as an Internet gateway if I give the Linux gateway IP as the default gateway in the Windows TCP/IP configuration, or do I have to use it on port 3128?

Kindly advise
Lee W, MVP, Technology and Business Process Advisor Commented:
I'm not sure if Squid is appropriate for NAT routing, if that's what you're asking. However, there are several ways of doing this; I use IPTables and an rc.firewall script.

iTeamIndia (Author) Commented:
But can I block websites, restrict bandwidth, etc. through IPTables and rc.firewall?

Kindly advise.
iTeamIndia (Author) Commented:
An early response will be appreciated.

Thanks
ravenpl Commented:
You have to set up the iptables firewall to not allow any traffic from the LAN to the internet.
Then you have to configure Squid on your firewall. Squid supports authentication, so you know who is who. Based on this, you can restrict users from doing some things, limit them, etc. As 'leew' said, check the Squid documentation.

If you don't need users to authenticate (i.e. you recognize them by IP address or MAC address), then you could set Squid to be a transparent proxy (it's done with iptables).
However, HTTPS transparent proxying doesn't work.

And if you need users to authenticate with the proxy, transparent proxying doesn't work either.
iTeamIndia (Author) Commented:
Thanks for your reply.
xDamox Commented:
Hi, what you want is SmoothWall from: http://www.smoothwall.org/

This allows you to do the following:

    * Protect the local network from outside attack, whilst interfering as little as possible with user activities
    * Be simple enough to be installed by home users with no previous knowledge of Linux required
    * Support a wide variety of network cards, modems and other hardware
    * Work with many different connection methods and ISPs across the world
    * Increase ease of use, management and configuration by use of tools such as web access interface

Also check out the screenshots:

http://www.smoothwall.org/about/screenshots/
linux2000in Commented:
Cheers,

Dude, the Squid proxy software provides all the facilities you are looking for...

Using the Squid proxy you can configure the following things.
* The main big thing: Squid can authenticate users from LDAP/MySQL, so that is a great thing... you don't need to create system users (this also improves your security...)
1) User time-based access
2) Content filtering and site blocking
3) Time-based access, e.g. in office hours no one is able to access mail.yahoo.com, and after 6.00 pm they can...
4) Bandwidth management is also possible using Squid itself, so no issue.
5) You can also prevent downloads of files with specific extensions.
6) There is a lot of software for creating nice graphical reports from the Squid log, like how much bandwidth is used by each user, top ten sites, who accessed what... meaning there are so many facilities you can configure with Squid.
So I recommend going with Squid + Linux to build a secure gateway. And don't use a transparent proxy when you configure the clients.

I hope you got a clear idea.
Regards,

linux2000in@yahoo.com
Vipul Ramani
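
As an added example (not posted by anyone in this thread and not the Squid project's own configuration), here is a squid.conf fragment covering the controls listed in the answers above: proxy authentication, site blocking, office-hours webmail restriction, file-extension blocking and per-host bandwidth limits. The LAN subnet, helper and password-file paths, the blocked domain, the 09:00 start of office hours and the rate values are assumptions to adapt; a simple NCSA password file stands in for the LDAP/MySQL back ends mentioned.

```conf
# Explicit (non-transparent) proxy port that clients are configured to use.
http_port 3128

# Basic authentication against an htpasswd-style file.
# ASSUMPTION: helper path and name vary by distribution and Squid version.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Internet gateway
acl authed proxy_auth REQUIRED

# ASSUMPTION: LAN subnet served by this gateway.
acl lan src 192.168.1.0/24

# Site blocking. The leading dot also matches subdomains.
# "blocked.example" is a constructed placeholder domain.
acl blocked_sites dstdomain .blocked.example

# Time-based rule: no webmail during office hours (Mon-Fri, until 18:00).
acl webmail dstdomain mail.yahoo.com
acl office_hours time MTWHF 09:00-18:00

# Block downloads by file extension (case-insensitive).
# For HTTPS the proxy only sees CONNECT host:port, so URL-path rules
# like this one match plain HTTP requests only; dstdomain rules still apply.
acl blocked_ext urlpath_regex -i \.(exe|zip|iso|mp3)(\?.*)?$

# Rules are evaluated top to bottom; the first match wins.
http_access deny !lan
http_access deny blocked_sites
http_access deny webmail office_hours
http_access deny blocked_ext
# Ending the line with the proxy_auth ACL makes Squid prompt for credentials.
http_access allow lan authed
http_access deny all

# Bandwidth control with one class 2 delay pool:
# aggregate limit for the whole pool, then a limit per client host.
# Values are bytes per second (restore/maximum); constructed sample rates.
# Requires a Squid build with delay pools enabled.
delay_pools 1
delay_class 1 2
delay_parameters 1 256000/256000 32000/32000
delay_access 1 allow lan
delay_access 1 deny all
```

These rules only bind users if direct LAN-to-internet forwarding is blocked at the firewall, as ravenpl's answer describes; otherwise clients can bypass the proxy by removing it from their browser settings.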