Re: home lan with freebsd as gateway / security issues

[P.U.Kruppa]

On Tue, 28 Aug 2007, Zbigniew Szalbot wrote:



Dear all,

Please bear with me one more time. In two months I will need to set up a
home network and I was planning to use a spare freebsd box as a gateway,
proxy (squid) and content filtering (dansguardian). I am basically ready
but the more I think about it, the more worried I am.

That is - for content filtering to work without bypassing it, I will need
to put the machine in front of my wireless router, won't I? I am going to
do some reading on tightening FreeBSD security and closing ports/services I
do not need. My question is more general, though, I would simply like to
know if there's any simple way to put the box behind a router and sitll be
able to do transparent proxying of requests originating from my LAN?
Yes: generally spoken: a gateway/proxy is what you tell your 
client machines to use as a gateway/proxy. You can just set it 
anywhere in your network and make it suck its data from your 
router.
Transparent proxying might be a bit difficult to set up at times 
but you can start with an ordinary cache-proxy (called by 
requests on port 8080 or something).
As long as your kids don't have admin rights on their 
workstations, they won't be able to change it.


By the way: blocking single addresses or even some expressions 
won't keep anyone from watching bad pages - all one needs is 
google and some patience.
But of course you can use squid's log files to control what your 
kids really did.


So - sorry for adding educational hints - talk to your children 
first and explain the meaning of the word trust to them. When 
they really believe they have to deceive you, they probably will 
be able to live without a computer for some time.


Sorry, this really was off topic.

Regards,

Uli.


What I
really need is content filtering so that my kids won't accidentaly go to
bad sites.

I am not really an administrator so my knowledge is limited but I love this
(FreeBSD) system and want to continue using it and learning the ropes. What
would you advise a person like me?

Many, many thanks!

Zbigniew Szalbot

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]





Peter Ulrich Kruppa
Wuppertal
Germany

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: home lan with freebsd as gateway / security issues

[Zbigniew Szalbot]

Hi,

On Tue, 28 Aug 2007 18:01:02 +0200 (CEST), P.U.Kruppa
[EMAIL PROTECTED] wrote:
 do not need. My question is more general, though, I would simply like to
 know if there's any simple way to put the box behind a router and sitll
 be
 able to do transparent proxying of requests originating from my LAN?
 Yes: generally spoken: a gateway/proxy is what you tell your
 client machines to use as a gateway/proxy. You can just set it
 anywhere in your network and make it suck its data from your
 router.
 Transparent proxying might be a bit difficult to set up at times
 but you can start with an ordinary cache-proxy (called by
 requests on port 8080 or something).
 As long as your kids don't have admin rights on their
 workstations, they won't be able to change it.
 
 By the way: blocking single addresses or even some expressions
 won't keep anyone from watching bad pages - all one needs is
 google and some patience.

I use dansguardian it is much more than a simple page block. DG is a very
useful tool.

 So - sorry for adding educational hints - talk to your children
 first and explain the meaning of the word trust to them. When
 they really believe they have to deceive you, they probably will
 be able to live without a computer for some time.

Absolutely - that's what I do. I only want to prevent situations where kids
by accident go to bad sites (spoofed urls, and the like). I do not have a
problem of kids trying to cheat me. 

 
 Sorry, this really was off topic.

No problem. I appreciate all advice. I can always learn something, can't I?


-- 
Zbigniew Szalbot
www.slowo.pl
www.lcwords.com

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]