Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?

Terrence Koeman terrence at mediamonks.net
Wed Apr 11 08:51:03 UTC 2012


On Tue, 10 Apr 2012 at 05:27:24, Jorge Biquez wrote:

> Hello all.
> 
> I am sorry if this is kind OFF Topic. I am looking for help from more
> experienced people in these areas. Please let me know if this
> question should be moved to FREEBSD-CHAT list.
> 
> As I have mentioned before I am helping a school, non profit, with
> their IT issues. As always there are some "experts" who control
> everything and do not let you change anything because it is their
> kingdom. Anyway, there we have Internet service from a cable company
> and they have some Cisco routers to receive the access and from there
> some Cisco switches.
> In the classrooms we have very old PCs running XP. In some of my
> classes I am using FreeBSD and Ubuntu running on a USB. So each
> student has one USB and they work that way booting from their 4GB
> USB stick. (it is slow but it has worked until now).
> 
> One of the managers asked me for help to block some web sites where
> some students in the other lab and people that help there waste
> bandwidth seeing videos, movies (youtube, cuevana, serieid, etc) and
> spend a lot of time on facebook also. Our bandwidth is only 4Mb and you
> understand that with a few that are seeing movies and videos the rest
> of us can not work at all. Thing is that "other manager" (you know
> how those things are sometimes) does not want us to do that since his
> "guru" and expert is the one that controls all the network. So the
> best we could get until now is that we can do "all we can" without
> touching the Cisco routers and until now no administrative password
> to change anything on the PCs (that could change once we prove that
> we can have the solution and show it to the board of people that runs
> the place).
> 
> The Internet provider gives the DNS servers to use and one of the
> routers gives the DHCP service.
> 
> First thing I thought was to change the DNS servers and use the one
> from my small office (running FreeBSD 7.3) using Bind there and
> simply block there pointing the sites to nothing in the Apache
> configuration. It does not work. Once I changed the DNS values the PC
> does not resolve anything. It was a quick test but that does not
> work. Not sure if the Internet provider is blocking in some way so that we
> can not use other DNS servers but theirs.
> 
> Another solution I was thinking of while coming home was to convert one
> machine there to a FreeBSD server and use it as a router (if they let
> me) so that way I can control from there and do filtering. Issue is
> that maybe they do not let me but connect the server as an extra
> machine without replacing the main router so in that case I would
> have 2 DHCP servers doing the same service in the same LAN and there
> could be conflicts I guess.
> 
> Another solution a friend suggested was to buy one small router (from my
> money for sure) and let that small router receive the internet (RJ45)
> and from that with the small 4 port switch included to provide the
> internet to the switches to feed the labs, library and administrative
> offices. I have never used one of those and I am short on money so I
> would like to explore other alternatives before if possible.
> 
> Finally another solution would be to install in each PC a kind of
> Nanny software but only if free, otherwise it is not a solution (I do
> not know of any yet but will be searching the following hours).
> 
> I know all can be solved if the "guru-expert" guy would let me have
> passwords from PCs, router, etc but that won't be an option since
> they think we would try to take the control of those services (we do
> not want that) so the bureaucracy could be a problem there. He has
> told them that to block is not possible (they have been working that
> way for years).
> 
> So, in this kind of schema. Do you think FreeBSD (even Linux) could
> be of help if we do not have access to routers, switches and can not
> install new software on the PCs (the ones running XP)?
> 
> Any comments you have that could help me to solve this challenge?

You could ask the "guru-expert" guy to implement traffic shaping like
weighted fair queuing and prioritizing SYNs etc. That way people can watch
all the videos they want without it affecting the work of others.

You can also implement it yourself transparently with a FreeBSD box with two
adapters bridged and something like ipfw+dummynet, you'd just need to insert
it somewhere in the route (before any masquerading is performed though).

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
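
The ipfw+dummynet bridge suggested in the reply above, sketched as an added example that is not part of the original message: a small sh generator that prints the ruleset, giving each LAN host an equal-weight dummynet queue and TCP handshake packets a heavily weighted one. Assumptions: `em0` (router side) and `em1` (LAN side) are placeholder names for the two bridged adapters, the 900 Kbit/s uplink rate is a placeholder, dummynet is loaded, and the bridge hands frames to ipfw (`net.link.bridge.ipfw=1`).

```shell
#!/bin/sh
# Added example (not from the thread): print the ipfw/dummynet commands for a
# shaping bridge. Interface names and rates are placeholders to adjust.

# usage: gen_shaper_rules WAN_IF LAN_IF DOWN_KBIT UP_KBIT
gen_shaper_rules() {
    wan_if=$1; lan_if=$2; down=$3; up=$4
    for rate in "$down" "$up"; do
        case "$rate" in
            ''|*[!0-9]*) echo "rate must be whole Kbit/s: '$rate'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
ipfw -q -f flush
ipfw -q -f pipe flush
# One pipe per direction, set a little below the line rate so the queue
# builds here, where the weights apply, and not in the provider's modem.
ipfw -q pipe 1 config bw ${down}Kbit/s
ipfw -q pipe 2 config bw ${up}Kbit/s
# Handshake packets get a heavily weighted queue of their own.
ipfw -q queue 1 config pipe 1 weight 100
ipfw -q queue 3 config pipe 2 weight 100
# Everything else: one dynamic queue per LAN host, equal weight, so a single
# video stream cannot take more than its share while others are active.
ipfw -q queue 2 config pipe 1 weight 10 mask dst-ip 0xffffffff
ipfw -q queue 4 config pipe 2 weight 10 mask src-ip 0xffffffff
# Downstream = frames received on the router-facing port.
ipfw -q add 100 queue 1 tcp from any to any tcpflags syn recv ${wan_if}
ipfw -q add 110 queue 2 ip from any to any recv ${wan_if}
# Upstream = frames received on the LAN-facing port.
ipfw -q add 200 queue 3 tcp from any to any tcpflags syn recv ${lan_if}
ipfw -q add 210 queue 4 ip from any to any recv ${lan_if}
ipfw -q add 65000 allow ip from any to any
EOF
}

# Stand-alone run: 4 Mbit/s downlink from the thread, uplink rate assumed.
gen_shaper_rules "${1:-em0}" "${2:-em1}" "${3:-3800}" "${4:-900}"
```

After loading the output on the bridge, `ipfw show` and `ipfw pipe show` counters confirm whether both directions are actually matching the queue rules; how non-IP frames such as ARP are passed depends on the site's existing ipfw policy.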