>>>
>>
>> I think you would do well to set up a squid proxy and block outbound
>> traffic for the affected machines. We've had great success with squid
>> in our environment. This gives you a tremendous amount of flexibility
>> on your access control, and it means you don't have to be concerned
>> about which transport methods are used when updating/installing.
>> Added bonus is that the squid caches your Gentoo download objects.
>
> Is that tough to set up? I would think an iptables solution would be
> easier, but maybe that won't work out.
>

Well, you'll end up using iptables anyway, right? If you really want
to -force- folks to get out through a proxy, that is. Since you
mention that the router is a Gentoo box, should be an easy one.

Tough to set up Squid? Naw. Of course, it's like most things, we don't
know much about your network or the scope of your requirements. For
our use case, we needed the following:

-forced access through the proxy
-website URL blacklisting and custom redirection based on massive regex lists
--Automated notification on certain 'violations'
-user account login to the proxy before internet access
-username tied to all proxy logs
-'manager' access to log data via nifty graphs on a web server

So, ours took some time. :)

Ya, I know these folks were uber paranoid, and wanted the ability to
nab folks for what they felt like was inappropriate internet usage...
Anyway, your situation sounds much simpler. So simple in fact that
just a few tweaks to the default squid.conf can provide you with a
functional config.

There are heaps of doco out there on configuring Squid, so you should
have a look and see what you think. You can easily get a little test
proxy going on a desktop or laptop to try it out. :-)

Hope this helps!

--
Matt
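
The following is an added example, not part of Matt's message or the original thread: a sketch of the "few tweaks to squid.conf plus iptables" setup described above, for a Gentoo router that runs Squid itself. The subnet, router address, ACL names and destination domains are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; every address and domain below is a constructed placeholder.
LAN_NET="192.0.2.0/24"   # assumed subnet of the affected machines
PROXY_IP="192.0.2.1"     # assumed LAN address of the Gentoo router running Squid
PROXY_PORT="3128"        # Squid's default listening port

# Print the squid.conf access rules: only the affected subnet may use the
# proxy, and only for the listed destinations; everything else is denied.
squid_conf() {
    cat <<EOF
http_port ${PROXY_IP}:${PROXY_PORT}
acl affected src ${LAN_NET}
acl update_sites dstdomain .gentoo.org .mirror.example.org
acl SSL_ports port 443
acl Safe_ports port 21 80 443
acl connect_method method CONNECT
http_access deny !Safe_ports
http_access deny connect_method !SSL_ports
http_access allow affected update_sites
http_access deny all
EOF
}

# Print the iptables rules that make the proxy the only way out: the subnet
# may reach Squid on the router, but the router forwards nothing for it.
# Squid's own fetches leave via the OUTPUT chain, so they are unaffected.
fw_rules() {
    echo "iptables -A INPUT -s ${LAN_NET} -d ${PROXY_IP} -p tcp --dport ${PROXY_PORT} -j ACCEPT"
    echo "iptables -A FORWARD -s ${LAN_NET} -j REJECT"
}

# Default: print both for review. With --apply (as root): load the firewall rules.
case "${1:-}" in
    --apply) fw_rules | sh ;;
    *)       squid_conf; fw_rules ;;
esac
```

Rule order matters in both halves: Squid stops at the first matching `http_access` line, and the appended iptables rules only take effect if no earlier rule in the same chain already accepts the forwarded traffic.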