Just a few questions for yas....keep in mind i am still learning lots of this stuff!!


1) I have a firewall operational, i wish to know what sites and stuff the internal LAN machines access, how do i do this? is it thru logs? if so where!

2)are there any good tools for monitoring network traffic(mainly to eliminate and detect porn usage)

3)how can i quickly and easily block a internal LAN machine from internet sites and access?

4)Any good documents/sites for newbie network adminstration for network traffic etc???


cheers for ur help

I dont use a linux box for my firewall but I have looked into it, here are some links I've come accross that may help you:

http://www.linuxsecurity.com/docs/colsfaq.html#2.1
http://www.netfilter.org/documentati...ilter-faq.html
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
http://www.samag.com/documents/s=182...201d/0201d.htm
http://www.netfilter.org/
http://logi.cc/linux/athome-firewall.php3
http://security.ittoolbox.com/
http://www.cert.org/tech_tips/
http://www.insecure.org/reading.html
http://www.interhack.net/pubs/fwfaq/
http://www.linux-firewall-tools.com/linux/
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
http://www.linuxdoc.org/HOWTO/Security-HOWTO.html
http://www.linuxsecurity.com/docs/
http://www.interhack.net/pubs/fwfaq/
http://www.linuxvoodoo.com/howto/ipt...-tutorial.html
http://www.tek-tips.com/gviewthread..../54/qid/140811
http://www.linux-firewall-tools.com/linux/
http://netfilter.filewatcher.org/ipchains/
http://netfilter.samba.org/ipchains/HOWTO.html
http://www.linuxguruz.org/iptables/
http://www.netfilter.org/documentation/index.html#HOWTO

Sorry for all the links, I just went threw my bookmarks and put the ones that related to firewall stuff.

Maybe I will look into it again, I have a spare box that I use for a samba server. But I dont really want to put that box on the net.

One of the most "efficient" ways to control/monitor client traffic to the internet is to use a Proxy Server.
This is a server which takes client requests and passes them to the outside world. You can choose to cache requests to help speed, or apply ACL Access Control Lists to tailor external access.

If you primarily want to do http control, I suggest you start at http://www.dansguardian.org for their content filter, which talks to a Proxy Server, Squid for example, then add different proxies for SOCKS, ftp, email etc.
Be ready for a quick learning curve...
Regards,
Peter.

It definitely sounds like you need a proxy server as previously mentioned, I'd start with Squid http://www.squid-cache.org/

ok...forgive my ignorance....

now a proxy server basically takes requests from internal LAN machines and then (if necessary) passes them onto the internet (modem)? right!...

i use a firewall script which is started when ppp0 is initialized, which does all the ip masq stuff using iptables....

how does the firewall fit into with the proxy server..??


cheers for those links fellas...

and yes i am aware i am in for a STEEP learning curve..lol....but sometimes its best to jump in the deep end!!!

thanks...

The firewall scripts allow you to look deeper at the TCP/IP & UDP protocols, send packets to different destinations, block crap, LOG activity, and be a gateway device.

For "content" type logging and filtering, proxy servers are the go.
Regards,
Peter.