All of us who have kids know that it is almost suicidal to allow your kids to be part of your personal network. I wanted to put my friends kids on a DMZ to separate them from the private LAN and add some kind of content filtering for them. What would be the best approach?
I've had good success with ipcop (http://www.ipcop.org/) and when my kids are old enough to navigate to sites beyond nick-jr and Disney, I'll likely add a proxy, URL filtering and better logging. Looks easy enough with the add-ons available:
Out of the box there is support for 4 networks: internal, external, DMZ and a wireless network. I currently use all four. It'd be nice if there were out of the box support for additional internal networks, but so far it's been good enough for me.
Do you have your kids on a DMZ or are they just a part of your private network? I was thinking about putting them on a DMZ and then adding proxy/content filtering on the firewall, something like what you have using IPCOP. I have never used IPCOP but it seems very robust. IPCOP is a firewall and with the content filter add-on it looks pretty cool. I was thinking about keeping my IPTABLES firewall script intact and just adding SQUID and DANSGUARDIAN, but DANSGUARDIAN is not very granular. I have been having trouble individually filtering certain IP addresses. Any suggestions?
For years I've maintained my own iptables scripts and moving to IPCOP has kept me from going insane. My oldest kid being only 5, he just uses one of my machines, which aside from the web server, are all in the internal or wireless network.
From the looks of the man page, it looks like the squid proxy is only available from the internal or wireless networks, so filtering the Orange may not be possible out of the box. The transparent filtering option is pretty cool.
You would need a dedicated machine to run ipcop. I use an older PII machine with 4 NICs in it. Since all it does is routing now, I'm not sure how bad squid would punish the machine if it were running.
You could always run the kids' separate wired network under the blue interface; it does have restrictions to the internal network and can be filtered with squid.
I'm a bit confused by the diagram and how they all have the same IP address. I'm guessing that 192.168.3.0 serves as a firewall/router for the internal and wireless network? Is the RADIUS server for the internal users only?
Correct, 192.168.3.0 is for internal use only and the 192.168.2.0 is for the DMZ and where I want to put my kids' computer along with squid/dansguardian for filtering!
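The layout discussed in this thread (a 192.168.2.0 DMZ kept away from the 192.168.3.0 internal network, with selected machines pushed through squid/DansGuardian) can be sketched on top of an existing iptables script as follows. This is an added example, not code from any poster; the interface name, /24 masks, host addresses and the filter running on the firewall at port 8080 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (or applies) iptables rules that
# isolate a kids' DMZ and push selected hosts through a content filter.
# Assumed: interface name, /24 masks, host IPs, filter on port 8080 on this box.
DMZ_IF="${DMZ_IF:-eth2}"                # assumed DMZ-facing interface
LAN_NET="${LAN_NET:-192.168.3.0/24}"    # internal network named in the thread
DMZ_NET="${DMZ_NET:-192.168.2.0/24}"    # DMZ network named in the thread
FILTER_PORT="${FILTER_PORT:-8080}"      # DansGuardian's default listening port
# Constructed sample addresses: only these DMZ hosts are forced through the filter.
FILTERED_HOSTS="${FILTERED_HOSTS:-192.168.2.10 192.168.2.11}"

kids_dmz_rules() {
    # New connections from the DMZ into the internal LAN are dropped first,
    # ahead of whatever the existing firewall script allows.
    echo "iptables -I FORWARD 1 -i $DMZ_IF -s $DMZ_NET -d $LAN_NET -m conntrack --ctstate NEW -j DROP"
    # Per-IP granularity lives here: one redirect rule per filtered host.
    for host in $FILTERED_HOSTS; do
        echo "iptables -t nat -A PREROUTING -i $DMZ_IF -s $host -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT"
    done
    # Redirected traffic arrives on INPUT, so the filter port must be reachable.
    echo "iptables -A INPUT -i $DMZ_IF -s $DMZ_NET -p tcp --dport $FILTER_PORT -j ACCEPT"
}

case "${1:-}" in
    show)  kids_dmz_rules ;;          # dry run: review the rules
    apply) kids_dmz_rules | sh ;;     # requires root
esac
```

The redirect only covers plain HTTP on port 80; HTTPS on port 443 passes through unfiltered unless it is handled separately.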