Quote:
Originally Posted by joebpa
I want the Debian to run everything DHCP, DNS, Squid, Firewall, or any other products needed. It may also handle SNMP traffic.
|
and
In your earlier post it seemed as if you knew that you needed DNS, but now it seems like an open question. You might, technically,
need DNS or it might just
make life easier for you, so it may not be enough to know that you don't need it.
If you are running an externally adressable website on on of these network segments, then you will need dns (but, equally, that's not the same as needing a dns server). This is normally a very, very bad idea, so I'm hoping this isn't the case.
If the classroom computers need to access a number of different servers, and accessing these servers by name is a convenience, then there may be a case for running DNS internally. You say nothing that makes this seem to be the case, so from the information so far, so it is quite possible that you don't need this.
(Note, that even if you do need DNS, this isn't the same as saying that you need BIND. There are servers that can do both DNS and DHCP and are simpler to configure than BIND, so there reasons to consider other servers.)
You can get a certain amount of monitoring from squid and associated utilities. Whether this does what you want is another matter; if you want to tie web pages back to a user, there are a certain number of stages to go through. You'd probably know which IP address that was, but that's an IP you may have given out dynamically, so that doesn't even tell you which workstation that was, and even if that was tied to a workstation, you may not know which user was logged in at the time.
But if you merely wanted to know that someone in the class had tried to access a 'bad' website, that would much easier.
So can you define exactly what you want?
Quote:
Block web traffic outbound
|
You don't seem to mean 'block all http/https accesses from internal computers', so what do you mean?
Quote:
Block bad traffic inbound from ISP
|
If you can define an iptables rule for it, you can decide how to deal with it. If, however, you know that its bad traffic, you should be trying to drop the packets at the perimeter of your network, not at a point well inside (or, you could argue, trying to do both is safer, but then it might be more difficut to administer...).
Quote:
So learn me oh wise ones. I am luke and you are OB1. Show me the path!!
|
Well, I don't have that many wrinkles...yet. The first tip is that one thing that determines how good the answers are that you get is how good the questions are that you ask.
I'm sure that you can do something very like the thing that you have described, but your description was hardly a system specification, and some of the descriptions were capable of more than one interpretation.