LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-27-2006, 10:36 AM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Rep: Reputation: 60
kids and DMZ


All of us who have kids know that it is almost suicidal to allow you kids to be part of your personal network. I wanted to put my friends kids on a DMZ to separate them from the private LAN and add some kind of content filtering for them. What would be the best approach?
 
Old 12-27-2006, 10:54 AM   #2
crabboy
Senior Member
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,821

Rep: Reputation: 121Reputation: 121
I've had good success with ipcop (http://www.ipcop.org/) and when my kids are old enough to navigate to sites beyond nick-jr and Disney, I'll likely add a proxy, URL filtering and better logging. Looks easy enough with the add-ons available:

http://firewalladdons.sourceforge.net/

Out of the box there is support for 4 networks, internal, external, DMZ and a wireless network. I currently use all four, I'd be nice if there were out of the box support for additional internal networks, but so far it's been good enough for me.
 
Old 12-27-2006, 11:13 AM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Do you have your kids on a DMZ or they just a part of your private network? I was thinking about putting them on a DMZ and then adding proxy/content filtering on the firewall something like what you have usinh IPCOP. I have never used IPCOP but it seems very robust. IPCOPS is a firewall and with content filter add on it looks pretty cool. I was thinking about keeping my IPTABLES firewall script in tacked and just adding SQUID and DANSGUARDIAN but DANSGUARDIAN is not very granular. I have been having trouble individually filtering certain IP address. Any suggestions?
 
Old 12-27-2006, 11:48 AM   #4
crabboy
Senior Member
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,821

Rep: Reputation: 121Reputation: 121
For years I've maintained my own iptables scripts and moving to IPCOP has kept me from going insane. My oldest kid being only 5, he just uses one of my machines, which aside from the web server, are all in the internal or wireless network.

From the looks of the man page, it looks like the squid proxy is only available from the internal or wireless networks, so filtering the Orange may not be possible out of the box. The transparent filtering option is pretty cool.

You would need a dedicated machine to run ipcop, I use a older PII machine with 4 NICS in it. Since all it does is routing now, I'm not sure how bad squid would punish the machine if it were running.

You could always run the kids separate wired network under the blue interface, it does have restrictions to the internal network and can be filtered with squid.
 
Old 12-27-2006, 02:29 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Here is my network:

PHP Code:
firewall/DNS Server
   
-
   -
   -
Squid/Dansguardian Server (192.168.3.0)

   -
   -
   -
RADIUS Server (192.168.3.0)

   -
   -
   -
Wireless LAN (192.168.3.0

I would like this network:

PHP Code:
firewall/DNS/Squid/Dansguardian Server - - - - DMZ - - - Kids (192.168.2.0)
   -
   -
   -
Squid/Dansguardian Server (192.168.3.0)

   -
   -
   -
RADIUS Server (192.168.3.0)

   -
   -
   -
Wireless LAN (192.168.3.0 (Private) 
How would I go about doing this?
 
Old 12-29-2006, 12:04 PM   #6
crabboy
Senior Member
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,821

Rep: Reputation: 121Reputation: 121
I'm a bit confused by the diagram and how they all have the same IP address. I'm guessing that 192.168.3.0 serves as a firewall/router for the internal and wireless network? Is the RADIUS server for the internal users only?
 
Old 12-29-2006, 01:25 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
correct 192.168.3.0 is for internal use only and the 192.168.2.0 is for the DMZ and where I want to put my kids computer along with squid/dansguardian for filtering!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
games for kids? ssfrstlstnm Linux - Software 6 10-25-2005 09:09 AM
Distro for kids? mhelliwell Linux - Distributions 10 03-06-2005 05:10 AM
linux for the kids dr_zayus69 Linux - Distributions 6 12-14-2004 09:05 PM
Kids games? raid517 Linux - Software 2 06-06-2004 05:30 AM
Linux for Kids dtsfanatic Linux - Software 2 11-11-2002 03:17 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration