<disclaimer>I am in my last few months of my bachelor's degree in CS and
am averaging around 3 hours of sleep per night, and it's 2:30 am.
Please forgive spelling and logical errors. I won't be offended if
things are pointed out to be wrong in this post.
</disclaimer>

I use shorewall on a gentoo system running wolk-sources as my border
firewall. It runs really nicely. If you do decide you want to proxy
outgoing access from your users, squid runs VERY well for this.

I've used squidguard before for content filtering as well and found it
very useful. One other benefit of running a proxy is it's relatively
easy to do time-based filtering, like blocking outgoing network access
from certain segments over the weekend. In general I'm not a big fan of
leaving internet access on outside of business hours.

I've heard good things about DansGuardian, but never tried it before.
Oh and one more thing, I HIGHLY recommend transparent proxying of port
80, simply for the sake of cutting down on support calls when some
self-appointed techno-genius messes with their proxy settings. Read the
squid and shorewall docs for info on how to do this.

-Jonathan S. Romero

On Thu, 2004-03-25 at 00:55, Andrew Gaffney wrote:
> I'm wanting to turn a Gentoo box into a solid firewall for a DSL connection. I was
> thinking about something that controls outgoing connections as well as incoming. Maybe a
> proxy server running on port 8080 and the firewall blocking all outgoing requests except
> through the proxy (for blocking virus network traffic). I was wondering if anybody had a
> similar setup.
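
Added example, not part of the original thread: one way the setup discussed above (transparent proxying of port 80, no direct outbound access, weekend blocking) can look with Shorewall and Squid. It assumes current releases of both (Squid 3.1 or later for `intercept`); the zone names `loc` and `net`, the 192.168.1.0/24 subnet and proxy port 3128 are assumptions.

```conf
# Added example; zone names, subnet and port are assumptions.

# --- /etc/shorewall/policy ---
# The firewall itself (where squid runs) may reach the internet;
# LAN hosts may not go out directly, so the proxy is the only path.
# With this policy, clients also need DNS from the firewall or an
# explicit DNS rule.
#SOURCE   DEST   POLICY   LOGLEVEL
$FW       net    ACCEPT
loc       net    REJECT   info
all       all    DROP     info

# --- /etc/shorewall/rules ---
# Transparently hand LAN traffic for TCP port 80 to squid on the
# firewall, regardless of the browser's proxy settings.
#ACTION    SOURCE   DEST   PROTO   DPORT
REDIRECT   loc      3128   tcp     80

# --- /etc/squid/squid.conf ---
# Accept redirected (intercepted) connections on 3128.
http_port 3128 intercept

acl lan src 192.168.1.0/24
# Squid day letters: S = Sunday, A = Saturday.
acl weekend time SA 00:00-23:59

# Order matters: the weekend deny must come before the LAN allow.
http_access deny lan weekend
http_access allow lan
http_access deny all
```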