Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?

Joshua Isom jrisom at gmail.com
Tue Apr 10 06:30:14 UTC 2012


On 4/9/2012 10:27 PM, Jorge Biquez wrote:
>
> As always there are some "experts" that control everything
> and do not let you change anything because it is their kingdom.

What do they control?  The network infrastructure?

> One of the managers asked me for help to block some web sites where some
> students in the other lab and people that help there waste bandwidth
> seeing videos, movies (youtube, cuevana, serieid, etc) and spend a lot of
> time on facebook also.

This is a network issue.  You can try to detect a client using too much
bandwidth for a period of time, and then throttle them.  Dropping TCP
packets will force throttling.  Blocking websites is more effective at a
firewall than a desktop.

> with a few that are seeing movies and videos the rest of us can not work
> at all. Thing is that "other manager" (you know how those things are
> sometimes) does not want us to do that since his "guru" and expert is the
> one that controls all the Network. So the best we could get until now is
> that we can do "all we can" without touching the Cisco routers and until
> now no administrative password to change anything on the PCs (that
> could change once we prove that we can have the solution and show it to
> the board of people that runs the place).

They're asking you to fix a network problem but refuse to give you
control of the network.  Ask the administrators what happens if all the
software you've installed is bypassed by someone bringing in a laptop,
or you switch to WiFi and everyone's on a cell phone you don't control.
Deal with the problem at the network.

> The Internet provider gives the DNS servers to use and one of the
> routers gives the DHCP service.
>
> First thing I thought was to change the DNS servers and use the one from
> my small office (running Freebsd 7.3) using Bind there and simply block
> there pointing the sites to nothing in the Apache configuration. It does
> not work. Once changed the DNS values the PC does not resolve anything.
> It was a quick test but that does not work. Not sure if Internet
> provider is blocking in some way that we can not use other DNS server
> but theirs.

Google is 8.8.8.8 and 8.8.4.4, easy enough to remember, and circumvent.

> Other solution I was thinking while coming home was to convert one
> machine there to a freebsd server and use it as a router (if they let
> me) so that way I can control from there and do filtering. Issue is that
> maybe they do not let me but connect the server as an extra machine
> without replacing the main router so in that case I would have 2 DHCP
> servers doing the same service in the same lan and could be conflicts I
> guess.

That's affecting the network and causing a mess for no good reason.

> Another solution a friend suggested was to buy one small router (from my
> money for sure) and let that small router receive the internet (RJ45)
> and from that with the small 4 port switch included to provide the
> internet to the switches to feed the labs, library and administrative
> offices. I have never used one of those and I am short on money so I
> would like to explore other alternatives before if possible.

Adding a router won't help for the real problem.

> Finally another solution would be to install in each PC a kind of Nanny
> software but only if free, otherwise it is not a solution (I do not know of
> any yet but will do searching the following hours).

And then you have to trust the software.  Some software will ban health 
information, such as breast cancer, but because of so many porn websites 
created so fast they can still allow porn.  In any case, it's just a 
firewall.

> I know all can be solved if the "guru-expert" guy would let me have
> passwords from PC's, router, etc but that won't be an option since they
> think we would try to take the control of those services (we do not want
> that) so the bureaucracy could be a problem there. He has told them that
> to block is not possible (they have been working that way for years).

The block is possible, but it's a network issue, the other guy.  Either 
he does it, or you take over the network.  The more centralized and 
built into the network it is, the more effective it is.

> So, in this kind of schema. Do you think FreeBSD (even linux) could be
> of help if we do not have access to routers, switches and can not
> install new software on the PCs (the ones running XP)?

No.  You lack the network control to control students' computer use.

> Any comments you have that could help me to solve this challenge?
>
> Thanks in advance for your time and comments.
>
> Jorge Biquez
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
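
The reply's suggestion to "detect a client using too much bandwidth for a period of time" before throttling, sketched as an added example that is not part of the original thread. The record format (per-client byte counters exported by the gateway once a minute), the 180 s window, the 250 MB limit and all names are assumptions; applying the throttle stays with whoever runs the firewall.

```python
from collections import defaultdict, deque

# Constructed sample: "<epoch_seconds> <client_ip> <bytes_in_interval>",
# one line per client per 60 s accounting interval at the gateway.
SAMPLE = """\
0 192.0.2.10 4000000
0 192.0.2.11 90000000
60 192.0.2.10 3000000
60 192.0.2.11 95000000
120 192.0.2.10 120000000
120 192.0.2.11 92000000
180 192.0.2.10 2000000
180 192.0.2.11 91000000
240 192.0.2.11 1000000
300 192.0.2.11 500000
"""

def parse(text):
    """Yield (timestamp, client, bytes) tuples; reject malformed lines."""
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"line {n}: expected 3 fields, got {len(parts)}")
        yield int(parts[0]), parts[1], int(parts[2])

def heavy_clients(records, window_s=180, limit_bytes=250_000_000):
    """Return {client: [(start, end), ...]}: periods in which the client's
    byte total over the trailing window stayed above limit_bytes.
    end is None if the client was still over the limit at the last sample."""
    recent = defaultdict(deque)   # client -> samples inside the window
    totals = defaultdict(int)     # client -> byte sum of those samples
    over_since, periods = {}, defaultdict(list)
    for ts, ip, nbytes in sorted(records):
        q = recent[ip]
        q.append((ts, nbytes))
        totals[ip] += nbytes
        while q[0][0] <= ts - window_s:      # expire samples older than window
            totals[ip] -= q.popleft()[1]
        if totals[ip] > limit_bytes:
            over_since.setdefault(ip, ts)    # sustained use: start throttling
        elif ip in over_since:
            periods[ip].append((over_since.pop(ip), ts))  # back under: release
    for ip, start in over_since.items():
        periods[ip].append((start, None))
    return dict(periods)
```

On the sample, 192.0.2.11 is flagged from t=120 to t=240, while the single 120 MB burst from 192.0.2.10 never crosses the windowed limit.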


