@Anton ... I understand where you are coming from, but try telling that to the bosses of the smaller SMEs. They are just plain paranoid. They worry about Facebook, MSN, MySpace, Twitter etc. In fact, some of them even block all access to web emails and make sure all email in/out are archived! (I couldn't access gmail using a client's network <sigh>)
@Hung ... Harish's suggestion of running a transparent proxy would be the most appropriate and it doesn't take much effort. However, I would like to add that education is still the best bet. Inform your friend that there is no such thing as a true 100% block. There are so many ways of bypassing such a proxy. Anton has already brought out a valid point: what about Mobile Broadband sticks? While running a transparent proxy will be sufficient to block, one still has to look at the broader picture as to how you or your friend would like to deal with mobile broadband etc.

Essentially, the building blocks of such a configuration would be as follows:

(a) get a dual-homed Linux machine ... nothing overpowered. A used PC could also be sufficient so long as you are not paranoid about hardware failures ...
(b) connect one end of the Linux machine to the router. Configure this on one subnet, i.e. 192.168.0.0/255.255.255.0
(c) connect the other end of the Linux machine to the switch where all the other PCs are interconnected. This shall be on a different subnet, i.e. 192.168.1.0/255.255.255.0
(d) on the machine, install Linux and configure the following:
    - enable IP forwarding
    - enable iptables for masquerading
    - install dhcpd
    - configure dhcpd to give itself as the gateway
    - configure dhcpd with MAC address reservations
        i.e. MAC address A will always get 192.168.1.200
        i.e. MAC address B will always get 192.168.1.201
    - install squid
    - configure squid for access rights
        i.e. what sites to block for which IP address
        i.e. what time to release the block, i.e. maybe 12-2pm no block etc...
(e) reboot and enjoy

Those would be the main building blocks. They cover the major components required for a transparent proxy, but certainly there are still many loopholes as to how one can bypass that transparent proxy (mobile broadband, SOCKS proxy, SSH forwarding etc. etc. etc.)

Hope this helps :)

On Sun, 2010-05-09 at 03:48 -0700, Anton wrote:
> Here are two more, easily bypassable solutions:
> - apply an ACL using Dlink's internal firewall;
> - remove DNS settings from other workstations and specify IP
>   addresses for allowed site in the "hosts" file
>
> Regardless of method, keep in mind new technologies such as mobile
> internet before starting this thankless fight. I personally think it
> is a bad idea which neither increases productivity nor creates
> healthful environment in your office.
>
> PS. It's something ludicrous in using open software for user's freedom
> restriction.
>
>
> On 8 May 2010 03:23, Harish Pillay <[email protected]> wrote:
> >> Hi, my friend's office uses a simple dlink adsl modem/router for
> >> internet/email. There are 5 peer to peer computers, all using windows op
> >> systems. She has asked me how to allow only her computer to access all
> >> websites but to limit the other 4 computers to only certain websites, eg,
> >> all S'pore government sites, yahoo mail allowed, gmail allowed.
> >>
> >> How do I build/configure a linux computer to do this?
> >
> > You can run a squid as a proxy (and a transparent one at that) to effect
> > this.
> >
> > http://tinyurl.com/36pmohf
> >
> > Regards.
> > --
> > Harish Pillay [email protected] gpg id: 746809E3
> > fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3
> >
> > _______________________________________________
> > LUGS Mailing list - [email protected]
> > List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq
> > Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet
> > To unsubscribe send an empty email to: [email protected]
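
The building blocks (a) to (e) above, written out as an added example that is not part of the original thread: a shell script that prints the dhcpd.conf, squid.conf and firewall commands from one host table, so the DHCP reservations and the Squid ACLs cannot drift apart. Interface names, the gateway and DNS addresses, the MAC addresses and the whitelist domains are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: eth0 = router side,
# eth1 = LAN side, gateway LAN address 192.168.1.1, router/DNS 192.168.0.1.
LAN_IF=eth1; WAN_IF=eth0; GW=192.168.1.1; DNS=192.168.0.1; PROXY_PORT=3128

# name  MAC (constructed)  reserved IP  role (full = unrestricted, limited = whitelist)
HOSTS='boss 02:00:00:00:00:0a 192.168.1.200 full
pc1 02:00:00:00:00:0b 192.168.1.201 limited
pc2 02:00:00:00:00:0c 192.168.1.202 limited'

gen_dhcpd_conf() {   # step (d): dhcpd hands out itself as gateway, fixed IP per MAC
  echo "subnet 192.168.1.0 netmask 255.255.255.0 {"
  echo "  option routers $GW;"
  echo "  option domain-name-servers $DNS;"
  echo "$HOSTS" | while read -r name mac ip role; do
    echo "  host $name { hardware ethernet $mac; fixed-address $ip; }"
  done
  echo "}"
}

gen_squid_conf() {   # step (d): per-IP access rights plus a lunch-time release
  echo "# use 'transparent' instead of 'intercept' on Squid older than 3.1"
  echo "http_port $PROXY_PORT intercept"
  echo "$HOSTS" | while read -r name mac ip role; do
    echo "acl $role src $ip"          # repeated acl names accumulate addresses
  done
  echo "acl allowed_sites dstdomain .gov.sg mail.yahoo.com mail.google.com"
  echo "acl lunch time MTWHF 12:00-14:00"
  echo "http_access allow full"
  echo "http_access allow limited allowed_sites"
  echo "http_access allow limited lunch"
  echo "http_access deny all"         # anything without a reservation is refused
}

gen_firewall() {     # step (d): forwarding, masquerading, redirect of web traffic
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
  echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Print all three pieces for review; nothing is applied to the system.
gen_dhcpd_conf; gen_squid_conf; gen_firewall
```

Only plain HTTP on port 80 reaches Squid with these rules; HTTPS on port 443 is forwarded by the masquerade rule without passing the proxy, which is one more of the loopholes mentioned above.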
