| 1 |
<disclaimer>I am in my last few months of my bachelors degree in CS and |
| 2 |
am averaging around 3 hours of sleep per night, and it's 2:30 am. |
| 3 |
Please forgive spelling and logical errors. I wont be offended if |
| 4 |
things are pointed out to be wrong in this post. |
| 5 |
</disclaimer> |
| 6 |
|
| 7 |
I use shorewall on a gentoo system running wolk-sources as my border |
| 8 |
firewall. It runs really nicely. If you do decide you want to proxy |
| 9 |
outgoing access from your users, squid runs VERY well for this. |
| 10 |
|
| 11 |
I've used squidguard before for content filtering as well and found it |
| 12 |
very useful. One other benifit of running a proxy is it's relatively |
| 13 |
easy to do time based filtering, like blocking outgoing network access |
| 14 |
from certian segments over the weekend. In general i'm not a big fan of |
| 15 |
leaving internet access on outside of business hours. |
| 16 |
|
| 17 |
I've heard good things about Dansgaurdian, but never tried it before. |
| 18 |
Oh and one more thing, i HIGHLY reccomend transparent proxying of port |
| 19 |
80, simply for the sake of cutting down on support calls when some self |
| 20 |
appointed techno-genius messes with their proxy settings. Read the |
| 21 |
squid and shorewall docs for info on how to do this. |
| 22 |
|
| 23 |
-Jonathan S. Romero |
| 24 |
|
| 25 |
On Thu, 2004-03-25 at 00:55, Andrew Gaffney wrote: |
| 26 |
> I'm wanting to turn a Gentoo box into a solid firewall for a DSL connection. I was |
| 27 |
> thinking about something that controls outgoing connections as well as incoming. Maybe a |
| 28 |
> proxy server running on port 8080 and the firewall blocking all outgoing requests except |
| 29 |
> through the proxy (for blocking virus network traffic). I was wondering if anybody had a |
| 30 |
> similar setup. |
Archives