• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 261
  • Last Modified:

Convert an old Pentium PC to a site filtering firewall

I have several old Pentium PCs that are gathering dust.  I realize I could use Smoothwall to convert one of these old PCs to a firewall.  But what I really want to see in a firewall is site filtering.  Smoothwall does not appear to support such a feature.  That is, the ability to block access to adult web sites.  The filtering can be primitive, such as building a blacklist by inputing keywords that would block user access to the site if the keyword appeared in a URL.

Is this possible?

I realize that hardware firewall solutions exist out there, but they often charge $25 per month for this service, but this seems like overkill for my needs.

Suggestions?
0
Softtech
Asked:
Softtech
  • 5
  • 3
  • 2
2 Solutions
 
rsivanandanCommented:
Based on your budget you could get Surfcontrol or Websense and both of them does a great job. But they come for a price.

Now if you want to turn those pcs and use it your own way then a start can be like have that PC configured as a Proxy Server and make all your internal machine go through the proxy for browsing. Then you basically build your hosts file with what you want to allow and what you don't.

Say one day you decide not to allow any outgoing connections to www.yahoo.com; then go to your Proxy Server and add the following in your hosts file;

127.0.0.1 www.yahoo.com

So because of the bad DNS resolution, the end user won't be able to get to it. Also you can start with a prebuilt hosts file which blocks a lots of unwanted sites (http://www.mvps.org/winhelp2002/hosts.htm)

Go get it and you should be on your way...

Cheers,
Rajesh
0
 
SofttechAuthor Commented:
>> you could get Surfcontrol or Websense and both
>> of them does a great job. But they come for a price.

I'd rather not have to pay for a monthly subscription.  Plus, we have numerous PCs on our LAN, and we want protection on all.  Buy commercial apps on all the PCs will cost even bigger $$$'s, which is what I'm trying to avoid.

>> Now if you want to turn those pcs and use it your own way then a
>> start can be like have that PC configured as a Proxy Server and
>> make all your internal machine go through the proxy for browsing.

That's won't work since I don't want to block web sites based upon their domain names.  I want to block web sites based upon the URL passed to a web browser.
0
 
rsivanandanCommented:
I don't think you have a free one available which will do something like that.

Cheers,
Rajesh
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
giltjrCommented:
Squid (http://www.squid-cache.org) a free proxy server can do this.  You can configure it with black and white lists.  Free download, runs on Linux.

I am running it on a PIII 400 Mhz with about 300 MB.
0
 
rsivanandanCommented:
Can it allow browsing based on the URL passed to it? I mean instead of domain name?

Cheers,
Rajesh
0
 
giltjrCommented:
It can block/allow based on a full or partial HOST name.  Example:  http://www.notallowed.com

You could block based on any of the following:

  www.notallowed.com
  www
  not
  allowed
  com
  talo

well you get the idea.
0
 
rsivanandanCommented:
Oh cool. I guess this is what the author is looking for exactly.

This should serve his purpose.

Cheers,
Rajesh
0
 
SofttechAuthor Commented:
>> I guess this is what the author is looking for exactly.

Well, perhaps...

I'm not crazy about the idea of having to install a new OS on this PC.  That just adds a new level of complexity.  Also, there's a difference between a firewall (Smoothwall) and a proxy server.  One being I've never set up a proxy server before.

0
 
rsivanandanCommented:
Softtech,

   We are here to offer help whatever we know. Now, whatever we suggest here is definitely going to involve some study in there, right? Also remember Firewall is not designed for what you are asking for. You need to rely on other softwares out there.

   Most of the people go for commercial software for the reason that the websites to this globe add-up like crazy and those commercial guys does the job of adding *good* and *bad* sites to the database for whoever pays for it.

  So to be exact as in your own words, "there is a difference between a firewall and a proxy server". Every software that is designed to filter web traffic is doing Proxy and not firewalling. I hope you understand.

Cheers,
Rajesh
0
 
giltjrCommented:
Well, if you are into doing reseach and learing this could help you a lot.

Smoothwall is really a pre-packaged Linux OS, so if you used Smoothwall you would be installing Linux anyway.

I have not used Smoothwall, but most (not all but most) Linux based firewalls are really just based on iptables and they give you a customized and easy to use GUI interface to configure iptables.  I just looked at it and it has a webproxy, it could be Squid, it may not be.  

True a proxy is not a firewall, but a Linux box with a proxy server on it can be configured to be a firewall.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now