On 4/9/2012 10:27 PM, Jorge Biquez wrote:
As always there are some "experts" that controls everything and do not let you change anything because is their kingdom.
What do they control? The network infrastructure?
One of the managers asked me for help to block some web sites were some students in the other lab and people that helps there waste bandwithd seeing videos, movies (youtube, cuevana, serieid, etc) and spend lot of time on facebook also.
This is a network issue. You can try to detect a client using too much bandwith for a period of time, and then throttle them. Dropping tcp packets will force throttling. Blocking websites is more effective at a firewall than a desktop.
with a few that are seeing movies and videos the rest of us can not work at all. Thing is that "other manager" (you know how those things are sometimes) do not want us to do that since his "guru" and expert is the one that controls all the Network. So the best we could get until now is that we can do "all we can" without touching the Cisco routers and until now not administrative password for change anything on the PCs (that could change one we prove that we can have the solution and show it to the board of people that runs the place).
They're asking you to fix a network problem but refuse to give you control of the network. Ask the administrators what happens if all the software you've installed is bypassed by someone bringing in a laptop, or you switch to WiFi and everyone's on a cell phone you done control. Deal with the problem at the network.
The Internet provider gives the DNS servers to use and one of the routers gives the DHCP service. First thing I thought was to change the DNS servers and use the one from my small office (running Freebsd 7.3) using Bind there and simply block there pointing the sites to nothing in the Apache configuration. It does not work. Once changed the DNS values the PC does not resolve anything. It was a quick test but that does not work. Not sure if Internet provider is blocking in some way that we can not use other DNS server but theirs.
Google is 8.8.8.8 and 8.8.4.4, easy enough to remember, and circumvent.
Other solution I was thinking while coming home was to convert one machine there to a freebsd server and use it as a router (if they let me) so that way I can control from there and do filtering. Issue is that maybe they do not let me but connect the server as an extra machine without replacing the main router so in that case I would have 2 DHCP servers doing the same service in the same lan and could be conflicts I guess.
That's affecting the network and causing a mess for no good reason.
Another solution a friend suggested was to buy one small router (from my money for sure) and let that small router to receive the internet (RJ45) and from that with the small 4 port switch included to provide the internet to the switches to feed the labs , library and administrative offices. I have never use one of those and I am short on money so I would like to explore other alternatives before if possible.
Adding a router won't help for the real problem.
Finally another solution would be to install in each PC a kind of Nanny software but only if free, otherwise is not a solution (I do not know of any yet but will do searching the following hours).
And then you have to trust the software. Some software will ban health information, such as breast cancer, but because of so many porn websites created so fast they can still allow porn. In any case, it's just a firewall.
I know all can be solved if the "guru-expert" guy would let me have passwords from PC's, router, etc but that won't be an option since they think we would try to take the control of those services (we do not want that) so the burocracy could be a problem there. He have told them that to block is not possible (they have been working that way for years).
The block is possible, but it's a network issue, the other guy. Either he does it, or you take over the network. The more centralized and built into the network it is, the more effective it is.
So, in this kind of schema. Do you think FreeBSD (even linux) could be of help if we do not have access to routers, switches and can not install new software on the PCs( the ones running XP)?
No. You lack the network control to control student's computer use.
Any comments you have that could help me to solve this challenge? Thanks in advance for your time and comments. Jorge Biquez _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
