LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-13-2006, 05:24 AM   #1
hariiyer
Member
 
Registered: May 2004
Location: india
Posts: 103

Rep: Reputation: 15
firewall internet restriction


Dear all,


I am using White Box linux and i want to restrict people to use internet as well as dowload. Please tell me how to do ? i don't want to go for squid. I want to do in Shorewall. Is there any chance in shorewall? Please guide me


shogun
 
Old 11-13-2006, 06:02 AM   #2
syedjanu
LQ Newbie
 
Registered: Jun 2006
Posts: 11

Rep: Reputation: 0
squid crashing

i think you may check size of partation where your log files are stored. Acess.log,store.log some time lack of space cause to responding squid.

df -l
 
Old 11-13-2006, 09:04 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
To be honest, using a transparent proxy like squid or dansguardian is definitely the easiest way to do this. But you can kind of hack together a solution using iptables and restricting which IP addresses an internal system can connect to. Could you be a bit more specific about what you are trying to do, like limit browsing to a handfull of sites? Restrict only a handfull of sites? Block content by keyword? Are the users browsing from the Whitebox machine or are they on internal machines using the Whitebox system as a firewall/gateway?
 
Old 11-14-2006, 12:28 AM   #4
hariiyer
Member
 
Registered: May 2004
Location: india
Posts: 103

Original Poster
Rep: Reputation: 15
i want to restrict downloads (like mp3, jpg, metacafe.com, limeware etc...). Secondly i want to give browsing restriction to the users as well as chatting also.

hari
 
Old 11-16-2006, 01:41 PM   #5
tellef
LQ Newbie
 
Registered: Aug 2005
Location: Norway
Distribution: Slackware & Debian.
Posts: 23

Rep: Reputation: 15
what shorewall does not do

Just want to add that Shorewall, great as it is, will not do any of this. Cut and paste from www.shorewall.net:

Shorewall Does not:



Act as a “Personal Firewall” that allows internet access by application.


Work with an Operating System other than Linux (version >= 2.4.0)


Act as a Proxy (although it can be used with a separate proxy such as Squid or Socks).


Do content filtering:


HTTP - better to use Squid and Dansguardian for that.


Email -- Install something like Postfix on your firewall and integrate it with SpamAssassin , Amavisd-new and Clamav

Configure/manage Network Devices (your Distribution includes tools for that).

I am fiddling with something similar as hariiyer as an add-in on my current gateway (which is basically shorewall)
and it seems squid will do the job......
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Internet Sharing but behind firewall LordHendrix Linux - Newbie 2 06-02-2006 02:47 AM
internet works only when firewall is set to "no firewall" mymoon Linux - Security 1 05-07-2006 01:29 PM
Firewall on - internet off. wellington Linux - Security 2 01-31-2005 03:50 PM
firewall blocking internet k4zau Linux - Networking 1 09-24-2004 02:18 PM
Determining Internet IP from behind firewall belorion Linux - Networking 3 02-07-2004 09:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration