How to configure Proxy & Firewall on SuSE 11.4?
I need to restrict access to the internet and keep unwanted software out of the LAN with 45 workstations at the school I teach at.
I thought about configuring a proxy and firewall on SuSE 11.4. Any suggestions and directions on how to do this will be appreciated. |
I am an admin in a company having 800 employees.
We use SLES9 and squid. I migrated that from time to time. I really like it. Runs perfectly. Viruswall may be amavis. If you need help do not hesitate to contact me.
You should think about a personal account for each user, as users tend to do stupid things on the internet. Can be LDAP or local pw-file, we did both but now we are using LDAP as the users get too much to store the pw at two locations.
Did you think about using CentOS? Maybe the better solution. Depends on what you know about RedHat/Fedora. OpenSuSE may require an OS change more often? As we changed the OS three times now (started with SuSE7, then SLES8, then SLES9) I can say that it is easy but takes some time.
So my suggestion:
- Firewall: Iptables / really easy, fast and stable once you get used to it
- Proxy: Squid / I have used it for 6-8 years now and it's perfect
- Viruswall: Amavis / Not perfect, but who is?
- Authentication: What you like: LDAP or local file |
A layer 7+ device or application would be a choice. If you want, a VM running something like Untangle may work.
|
Thank you for the directions.
I am downloading CentOS. Haven't used it before, will look at it. I will give iptables and squid as a transparent proxy a try. Haven't done that before. Also saw IPFire on the internet. Is it worth trying/investigating? |
There are many good products that you should look at and consider. Many make easy work of protecting your LAN and WAN.
Don't like Untangle?
http://www.techradar.com/news/softwa...rewalls-697177
http://www.fsckin.com/2007/11/14/7-d...alls-reviewed/
http://en.wikipedia.org/wiki/List_of..._distributions |
A Linux firewall will be iptables/netfilter underneath; there is a variety of 'friendly' front-ends that you could use and a variety of net-appliance type boxes that you could get that package and (somewhat) pre-configure things for you, but none of this is necessary, and may even be unhelpful if you have a network arch that is different from the default for the system that you are using.
I would advise that anyone tries to understand iptables and networking; even if you use an 'easy' front end, having a look at the ruleset that it generates is a good thing, and gives you an extra degree of confidence that its understanding of what is needed and your understanding are in line. Given all this, it is less about 'What firewall product should I get' than 'Do I understand networking and firewalling well enough to get the best out of it'.
You don't say anything about your network arch; I'm guessing that the firewall you mention is a separate box, rather than firewalling the individual user workstations.
|
My idea is to put a Linux box, with firewall (iptables) and transparent proxy (squid), between the wireless internet router and the Windows network and to have per-user or per-group access with usernames and passwords to access the internet. Preferably with logging and caching of pages, as sometimes a whole class group needs to access the same web pages, in that way reducing the bandwidth used. I hope my idea is correct? Implementing is another challenge.
|
So
Code:
Win ----> Router -------> Internet
Code:
Win ----> Router ----> Squid/iptables -------> Internet
|
Sorry for the typing errors.
My idea is like this:
Windows Network (Wired LAN with Win 2003 Server) -----> Squid/iptables box -----> Router - MikroTik installed by ISP -----> Wireless Internet
Hope this is more clear. |
Sounds good to me.
Except for the WLAN, we use(d) it in the same way. If you need help... |
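
An added example, not written by any poster in this thread: a small Python check of the kind of ruleset review suggested above, applied to the layout described (a Squid/iptables box between the LAN and the router). The `iptables-save` dump is constructed, and the interface names `eth0`/`eth1` and Squid listening on port 3128 are assumptions.

```python
import shlex

# Constructed, trimmed iptables-save dump (assumed: eth0 = LAN, eth1 = router, Squid on 3128).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""

def parse(dump):
    # Returns ({(table, chain): policy}, [(table, chain, rule_args)]).
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            args = shlex.split(line)
            rules.append((table, args[1], args[2:]))
    return policies, rules

def opt(args, flag):
    return args[args.index(flag) + 1] if flag in args else None

def audit(dump, lan_if="eth0", proxy_port="3128"):
    policies, rules = parse(dump)
    findings = []
    if policies.get(("filter", "FORWARD")) != "DROP":
        findings.append("FORWARD policy is not DROP")
    if not any((t, c) == ("nat", "PREROUTING") and opt(a, "-i") == lan_if
               and opt(a, "--dport") == "80" and opt(a, "-j") == "REDIRECT"
               and opt(a, "--to-ports") == proxy_port for t, c, a in rules):
        findings.append("LAN port 80 is not redirected to the proxy")
    for t, c, a in rules:  # rules that let LAN hosts skip the proxy
        if ((t, c) == ("filter", "FORWARD") and opt(a, "-i") == lan_if
                and opt(a, "-j") == "ACCEPT" and "--dport" not in a):
            findings.append("blanket LAN forward: " + " ".join(a))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the permissive FORWARD policy and the blanket forward rule, either of which lets workstations reach the internet on other ports without passing through Squid. Squid cannot request proxy authentication from intercepted (transparent) traffic, so per-user logins need browsers explicitly configured to use the proxy.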