home lan with freebsd as gateway / security issues
P.U.Kruppa
ulrich at pukruppa.net
Tue Aug 28 09:01:06 PDT 2007
On Tue, 28 Aug 2007, Zbigniew Szalbot wrote:
>
> Dear all,
>
> Please bear with me one more time. In two months I will need to set up a
> home network and I was planning to use a spare freebsd box as a gateway,
> proxy (squid) and content filtering (dansguardian). I am basically ready
> but the more I think about it, the more worried I am.
>
> That is - for content filtering to work without bypassing it, I will need
> to put the machine in front of my wireless router, won't I? I am going to
> do some reading on tightening FreeBSD security and closing ports/services I
> do not need. My question is more general, though, I would simply like to
> know if there's any simple way to put the box behind a router and sitll be
> able to do transparent proxying of requests originating from my LAN?
Yes: generally spoken: a gateway/proxy is what you tell your
client machines to use as a gateway/proxy. You can just set it
anywhere in your network and make it suck its data from your
router.
Transparent proxying might be a bit difficult to set up at times
but you can start with an ordinary cache-proxy (called by
requests on port 8080 or something).
As long as your kids don't have admin rights on their
workstations, they won't be able to change it.
By the way: blocking single addresses or even some expressions
won't keep anyone from watching bad pages - all one needs is
google and some patience.
But of course you can use squid's log files to control what your
kids really did.
So - sorry for adding educational hints - talk to your children
first and explain the meaning of the word trust to them. When
they really believe they have to deceive you, they probably will
be able to live without a computer for some time.
Sorry, this really was off topic.
Regards,
Uli.
> What I
> really need is content filtering so that my kids won't accidentaly go to
> bad sites.
>
> I am not really an administrator so my knowledge is limited but I love this
> (FreeBSD) system and want to continue using it and learning the ropes. What
> would you advise a person like me?
>
> Many, many thanks!
>
> Zbigniew Szalbot
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
Peter Ulrich Kruppa
Wuppertal
Germany
More information about the freebsd-questions
mailing list