Re: Tutorial on Gateways and port forwarding



On Tue, 31 Jul 2007 09:23:16 -0500, Bill <isspecialist@xxxxxxxxxxx>
wrote:

Can anyone point me in the direction of a tutorial or two on setting up a
FreeBSD server as a gateway?? What I need to do is change our current
system of connecting directly to the router for internet access to one
where all internet access goes through a server where I can monitor usage
and also block out or allow access to web sites.

I also want to be able to send all port requests that come in from the
router to this server and then redirect them to where they are needed.
The router is part of a T1 phone line system that splits off bandwidth for
a dsl speed connection and I do not have access to it other than to have
the phone company do everything so I'm looking to use it as a dumb gateway
to the net but use the server to redirect the ports.

Along with the web censorship can anyone tell me are there any programs out
there that will allow me to block based on content and per site? What I
mean is I'd like to be able to block specific sites, ebay, youtube, etc and
any other sites that management wants blocked but I'd also like to be able
to let the user try to access sites and have the server pre-read the site,
or at least the current page requested, and make a determination based on
settings or keywords if the site should be blocked or not.


Thanks in advance.

Bill

Err, it is not clear what you will gain by doing work that your phone
company does for you according to your specifications...

If a telco programmed beast sitting at the end of a T1 can't do the
job for you, you might want to keep your life simple and have a look
at a NetGear FVS114 plug and go box @ <$100 per unit:
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS114.aspx

* Small, compact, about the size of a paperback book
* Silent, low power consumption, about 12 Watts via wall wart
* Built-in content filtering
* Administration via web browser from any computer
* Inexpensive

Depending on how large your organization is, you might consider
getting one of these for each department, lock them all up in a wiring
closet under your control, and let each department head determine what
filtering policy will yield optimal productivity in his department and
set the filtering policy accordingly via the web browser interface on
a unit dedicated to his department. The onus is on the department
heads to enforce corporate policy and to be held accountable for what
goes on in their departments. You just need to provide the tools for
them.

You might want to wire all the departmental units up in series with a
unit that is under your exclusive control (or maybe get your phone
company to program their router one last time). Program your unit to
filter out the porn on a corporate wide basis to meet minimal legal
requirements. This way, if some department head decides he wants his
department to have wide open internet access, he can do as he pleases,
but the unit under your control will prevent his department from
accessing the prohibited web sites.

By doing filtering in a layered way like this, you'll find that the
production floor managers will lock things down air tight, while
technical and financial managers will tend to leave things as wide
open as the unit under your control permits them. Doing it the way
you propose with a one size fits all policy will keep you very busy
day and night programming policy exception lists into your "gateway"
that contradict each other. Been there, done that.

Just my $.02
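
Added example, not part of the original post: a small model of the layered arrangement described in the reply above, with each department's filter wired in series with one unit under the administrator's control. The domain names, department names and the `FilterUnit`/`check` helpers are constructed for illustration and are not NetGear's interface; rules match on DNS label boundaries so a rule for one domain does not catch an unrelated domain that merely ends in the same characters.

```python
# Added example: two filters wired in series, as described in the reply.
# All domain names and department names below are constructed sample data.

def domain_matches(host, rule):
    """True if host equals rule or is a subdomain of it (label boundary)."""
    host, rule = host.lower().rstrip("."), rule.lower().rstrip(".")
    return host == rule or host.endswith("." + rule)

class FilterUnit:
    """One filtering box: a name plus the set of domains it blocks."""
    def __init__(self, name, blocked):
        self.name = name
        self.blocked = set(blocked)

    def permits(self, host):
        return not any(domain_matches(host, r) for r in self.blocked)

def evaluate(host, chain):
    """Pass the request through each unit in order; first block wins.
    Returns (allowed, name_of_blocking_unit_or_None)."""
    for unit in chain:
        if not unit.permits(host):
            return (False, unit.name)
    return (True, None)

# Unit under the administrator's exclusive control (upstream of all departments).
CORPORATE = FilterUnit("corporate", ["prohibited.example"])

# Per-department units, each set by its own department head.
DEPARTMENTS = {
    "production": FilterUnit("production", ["auction.example", "video.example"]),
    "engineering": FilterUnit("engineering", []),  # left wide open
}

def check(department, host):
    """Traffic leaves the department unit first, then the corporate unit."""
    return evaluate(host, [DEPARTMENTS[department], CORPORATE])

if __name__ == "__main__":
    for dept in DEPARTMENTS:
        for host in ["www.auction.example", "cdn.prohibited.example",
                     "notprohibited.example"]:
            print(dept, host, check(dept, host))
```

The returned unit name shows which layer made the decision, which is the information needed when a department's exception request conflicts with the corporate baseline.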
