LinuxQuestions.org
Old 06-03-2008, 10:21 AM   #1
rajthampi
Member
 
Registered: May 2008
Location: Kuwait
Distribution: RHEL5, Ubuntu, PSlinuxOS
Posts: 35

Rep: Reputation: 1
Linux web proxy for Windows 2003 domain


Hi guys

I am more familiar with Windows 2003 domains. We have geographically separated branches all around Kuwait and the typical network deployment is like the following:

|--Windows 2003 DC (Replicated/GC)->ISA 2004/2006->Internet Connection--->Internet

ISA 2004/2006 servers are taking care of limiting the employees from downloading and browsing non-business websites (mostly video streaming sites).

For a long interval of time, we had replicated the same for most of our branches where users exceeded a minimum of 15 to 25 and a couple of our new branches are hardly having less than 10 users where deploying ISA 2004/2006 on Windows 2003 means too costly for us.

Right now we are planning to use Linux boxes (preferably free distros) to regulate and control the internet traffic. Could anybody provide us some guidelines which will clearly explain how we could use a Linux box to read the user information from Windows 2003 domain and allow/block the users from accessing the internet and related services?

Thanks and regards,
 
Old 06-03-2008, 01:32 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
The kind of services that you want to set up can use generic network software such as is available on Linux and the BSD systems. Windows has nothing to do with it. Of course Microsoft has expensive Windows-based solutions but if you take the Linux or BSD route you don't have to do anything special just because the client machines are running Windows.

You should take inventory of the capabilities of the equipment that you already have such as routers that are already in service. If possible make use of their capabilities. That will spread the load over more machines. For instance a cable modem or dsl modem actually provides several network services. Typically these little boxes provide DHCP server, inbound and outbound firewall, IPSec tunnels, and possibly other network services.

Then figure out what is left. In your case you want a web proxy server at a minimum. Almost any distribution can be configured for this but there are a couple that are geared specifically for network security services. These include, but are not limited to, Monowall and IPCop.

The software that provides these types of services is Squid for web proxy and Snort for intrusion detection.

Squid can actually perform several useful services. The documentation has complete information.

Monowall http://m0n0.ch/wall/

IPCop http://www.ipcop.org/

OpenWall http://www.openwall.com/

Squid web proxy software http://www.squid-cache.org/

Snort intrusion detection software http://www.snort.org/

Dans Guardian web proxy software http://dansguardian.org/

That should keep you busy for a while.
 
1 members found this post helpful.
Old 06-04-2008, 12:03 AM   #3
rajthampi
Member
 
Registered: May 2008
Location: Kuwait
Distribution: RHEL5, Ubuntu, PSlinuxOS
Posts: 35

Original Poster
Rep: Reputation: 1

Quote:
Originally Posted by stress_junkie View Post
The kind of services that you want to set up can use generic network software such as is available on Linux and the BSD systems. Windows has nothing to do with it. Of course Microsoft has expensive Windows-based solutions but if you take the Linux or BSD route you don't have to do anything special just because the client machines are running Windows.

You should take inventory of the capabilities of the equipment that you already have such as routers that are already in service. If possible make use of their capabilities. That will spread the load over more machines. For instance a cable modem or dsl modem actually provides several network services. Typically these little boxes provide DHCP server, inbound and outbound firewall, IPSec tunnels, and possibly other network services.

Then figure out what is left. In your case you want a web proxy server at a minimum. Almost any distribution can be configured for this but there are a couple that are geared specifically for network security services. These include, but are not limited to, Monowall and IPCop.

The software that provides these types of services is Squid for web proxy and Snort for intrusion detection.

Squid can actually perform several useful services. The documentation has complete information.

Monowall http://m0n0.ch/wall/

IPCop http://www.ipcop.org/

OpenWall http://www.openwall.com/

Squid web proxy software http://www.squid-cache.org/

Snort intrusion detection software http://www.snort.org/

Dans Guardian web proxy software http://dansguardian.org/

That should keep you busy for a while.
A beautiful way to greet a newcomer! Appreciate your post, SJ. I shall look into those links and post my comments (as you mentioned, am sure those whole links are gonna cost me some time).

Thanks and regards
 
1 members found this post helpful.
  

