I am a hardware expert but software is my weak point.

We are opening an "internet cafe" at my church for an outreach. The cafe is going to be so much more then just the internet but let's concentrate on that part.

I have an Dell Poweredge 2950 server with one quad core CPU in it. I looked at going with a MS Server software but it is cost prohibitive.

I currently have 4 desktops set up for people to use all running XP Home and I have 5 Laptops coming in that will be running XP Home or Pro.

People will be allowed to bring their own systems in and access the internet. These will be most likely XP to 7.

Here is what I am wanting to do:

1. I would like to create an image of my in house systems so I can restore them from the server if needed.

2. Restrict sites such as pornographic and pirated software.

3. Get a report at the end of the day where computers did go on the net.

4. Have a computer go to a page when they bring up a browser having the person click to accept the terms of their use.

This is basically all I need to do. I want to be able to do #s 2, 3 and 4 on computers people bring in in addition to the ones in house.

Is this going to be possible with a Linux setup? Please advise starting direction and possible sites to research.

Please understand that this will be in a church so we do need to restrict the porn and things like that that would not be appropriate in a church setting. The service will be free to all that come in. We have also acquired a 59 inch HDTV and have a popcorn machine, things like that.

Thank you so much for your help in this matter.

Sincerely,

Andy

Hi Andy,

You can certainly use your server that way, for storing images of systems you could look at CLONEZILLA , we use that at the day-job to keep images of Windows 7 machines for easy re-provisioning.

Regarding your filtering of content etc. take a look at SQUID, it's a proxy server that should suit your needs. The only requirement is that users would have to set their browser to use your server as the proxy. While this can be done with WPAD it sometimes fails on Windows clients and you'll have to configure a browser manually.

You'll also need to use some form of internal / external firewall (IPTABLES would probably be fine) to block any http/https connections from your client machines directly to the internet.

Now while I'm sure this will "offend" certain members here, have you also considered using a dedicated firewall/router/content filtering device? Something like a FortiGate 80C might be ideal for your application. We use that at the day job to provide protection and content filtering using Forti's own content filtering categories.

1 members found this post helpful.

Thank you for your help in this TenTenths. I am going down to the church shortly and will play with your suggestions at that time.

As I do end up finding working solutions I will post them back here as it may help others in the future.

Thanks again.

Anyone else have any experience in this?

Thanks,

Andy

@CRSARM:

Try a 'net search for "squid transparent proxy". You should get hits on setting up squid HTTP proxy in a way that client configuration is not needed.

As for a pre-packaged content filtering solution, look at DansGuardian.

System backups are another story. I don't have experience with any MS Windowns or OS-independent solutions, but Clonezilla, as already mentioned, probably is a smart approach. Just image the whole thing.

Having a TOS page before they continue is a good idea, as there are effectively an infinite num of 'naughty' websites out there... there's no way to block them all and attempts to do so usually end in blocking perfectly good eg medical sites.
That doesn't mean you shouldn't do ANY filtering, but be aware you can't be 100%; you'll need to make your management aware of this to avoid getting the blame.

1. As mentioned, Clonezilla will be able to clone your system image(s).

2. Squid in transparent mode combined with either Dansguardian or SquidGuard.

3. I have used Sarg for this in the past.

4. Use the old fashioned way of "please read and sign these terms of conditions" - any trouble or arguments over sites visited and you just wave that piece of signed paper at them and say goodbye.

You may want to save a lot of toil and use a free solution that will do most, if not of all of what you require. Take a look at Smoothwall or pfSense (my favorite), both have lots of options and addons to customise it to (or close to) your requirements.

Thank all of you so much for all your help/ideas. I thought we were going to open the cafe yesterday but it ended up being delayed for a week so I have some more time now.

I was told that the guy that handles the computers for the high school in the next town over has a lot of experience with all of this. When I asked for his name it looks like we are cousins. I am going to give him a call and see if he will come over and actually help me put all this together as he will be stronger at that then me.

I do appreciate all the help and if anyone has more ideas please post them here. Once we have it all worked out I will come back and post the results so they will be available if someone is doing something that they need this kind of setup.

Bless all of you.

Andy

Hi CRSARM

I don't know anything about what I'm suggesting,
but I thought it may be the thing you're looking for is
Hotspot Radius portal
and a list of hosts identified as unwanted spyware (from this site)
for blocking some potentially dangerous sites.

I'm sorry I can't find any Hotspot radius examples as it seems no free version of it is provided. Maybe someone here at LQ has more experience with it, please make suggestion.

Best Regards