Convert an old Pentium PC to a site filtering firewall

I have several old Pentium PCs that are gathering dust.  I realize I could use Smoothwall to convert one of these old PCs to a firewall.  But what I really want to see in a firewall is site filtering.  Smoothwall does not appear to support such a feature.  That is, the ability to block access to adult web sites.  The filtering can be primitive, such as building a blacklist by inputting keywords that would block user access to the site if the keyword appeared in a URL.

Is this possible?

I realize that hardware firewall solutions exist out there, but they often charge $25 per month for this service, but this seems like overkill for my needs.

Suggestions?
Softtech Asked:
 
giltjr Commented:
Squid (http://www.squid-cache.org), a free proxy server, can do this.  You can configure it with black and white lists.  Free download, runs on Linux.

I am running it on a PIII 400 MHz with about 300 MB.
0
 
rsivanandan Commented:
Based on your budget you could get Surfcontrol or Websense and both of them do a great job. But they come for a price.

Now if you want to turn those PCs and use them your own way, then a start can be to have that PC configured as a Proxy Server and make all your internal machines go through the proxy for browsing. Then you basically build your hosts file with what you want to allow and what you don't.

Say one day you decide not to allow any outgoing connections to www.yahoo.com; then go to your Proxy Server and add the following in your hosts file;

127.0.0.1 www.yahoo.com

So because of the bad DNS resolution, the end user won't be able to get to it. Also you can start with a prebuilt hosts file which blocks a lot of unwanted sites (http://www.mvps.org/winhelp2002/hosts.htm).

Go get it and you should be on your way...

Cheers,
Rajesh
0
 
Softtech (Author) Commented:
>> you could get Surfcontrol or Websense and both
>> of them do a great job. But they come for a price.

I'd rather not have to pay for a monthly subscription.  Plus, we have numerous PCs on our LAN, and we want protection on all.  Buying commercial apps on all the PCs will cost even bigger $$$'s, which is what I'm trying to avoid.

>> Now if you want to turn those PCs and use them your own way, then a
>> start can be to have that PC configured as a Proxy Server and
>> make all your internal machines go through the proxy for browsing.

That won't work since I don't want to block web sites based upon their domain names.  I want to block web sites based upon the URL passed to a web browser.
0
 
rsivanandan Commented:
I don't think you have a free one available which will do something like that.

Cheers,
Rajesh
0
 
rsivanandan Commented:
Can it allow browsing based on the URL passed to it? I mean instead of domain name?

Cheers,
Rajesh
0
 
giltjr Commented:
It can block/allow based on a full or partial HOST name.  Example:  http://www.notallowed.com

You could block based on any of the following:

  www.notallowed.com
  www
  not
  allowed
  com
  talo

Well, you get the idea.
0
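
The three matching rules discussed in this thread (a hosts-file entry, partial host-name matching, and keyword-in-URL matching), compared on constructed URLs. This is an added example, not code from any poster and not Squid's implementation; the rule lists, sample URLs and function names are assumptions, and it assumes a proxy that does not intercept TLS, so for https requests it sees only the host name.

```python
from urllib.parse import urlsplit

# Constructed sample rules, modelled on the examples in the thread.
HOSTS_FILE = {"www.yahoo.com", "www.notallowed.com"}  # exact names, like hosts-file entries
HOST_FRAGMENTS = ["not"]                              # partial host-name match
URL_KEYWORDS = ["adult"]                              # keyword anywhere in the URL


def blocked_by(url):
    """Return the set of rule types that would block this URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Assumption: no TLS interception, so an https request exposes only
    # the host name to the proxy; plain http exposes the whole URL.
    visible = host if parts.scheme == "https" else url.lower()
    hits = set()
    if host in HOSTS_FILE:                      # exact host only
        hits.add("hosts")
    if any(frag in host for frag in HOST_FRAGMENTS):
        hits.add("host-fragment")
    if any(word in visible for word in URL_KEYWORDS):
        hits.add("url-keyword")
    return hits


# Constructed test URLs (not real traffic).
SAMPLES = [
    "http://www.notallowed.com/",                  # intended target
    "http://mail.yahoo.com/inbox",                 # sibling host, no hosts entry
    "http://notes.example.org/",                   # fragment "not" overblocks
    "http://example.org/adult/index.html",         # keyword in path
    "http://example.org/adult-education/courses",  # keyword false positive
    "https://example.org/adult/index.html",        # path hidden by TLS
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = sorted(blocked_by(url))
        print(f"{url:45} {', '.join(hits) or 'allowed'}")
```

The output shows where each rule type under-blocks or over-blocks, which is worth checking against a list of sites users legitimately need before deploying a keyword list.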
 
rsivanandan Commented:
Oh cool. I guess this is what the author is looking for exactly.

This should serve his purpose.

Cheers,
Rajesh
0
 
Softtech (Author) Commented:
>> I guess this is what the author is looking for exactly.

Well, perhaps...

I'm not crazy about the idea of having to install a new OS on this PC.  That just adds a new level of complexity.  Also, there's a difference between a firewall (Smoothwall) and a proxy server.  One being I've never set up a proxy server before.

0
 
rsivanandan Commented:
Softtech,

   We are here to offer help whatever we know. Now, whatever we suggest here is definitely going to involve some study in there, right? Also remember a firewall is not designed for what you are asking for. You need to rely on other software out there.

   Most people go for commercial software for the reason that the websites on this globe add up like crazy and those commercial guys do the job of adding *good* and *bad* sites to the database for whoever pays for it.

  So to be exact as in your own words, "there is a difference between a firewall and a proxy server". Every software that is designed to filter web traffic is doing Proxy and not firewalling. I hope you understand.

Cheers,
Rajesh
0
 
giltjr Commented:
Well, if you are into doing research and learning this could help you a lot.

Smoothwall is really a pre-packaged Linux OS, so if you used Smoothwall you would be installing Linux anyway.

I have not used Smoothwall, but most (not all but most) Linux based firewalls are really just based on iptables and they give you a customized and easy to use GUI interface to configure iptables.  I just looked at it and it has a webproxy, it could be Squid, it may not be.  

True, a proxy is not a firewall, but a Linux box with a proxy server on it can be configured to be a firewall.
0
Question has a verified solution.