Slackware This Forum is for the discussion of Slackware Linux.
04-07-2006, 06:16 PM
|
#1
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Rep:
|
Setting Slack box as Firewall and Content Filter for School
I teach at a fairly small Christian school and one of our newest teachers (teaches history and media [school TV show]) has helped improve our constantly down and problem-prone Windows network. Until he started working on our network, the system used to go down regularly and STAY down for a while. It was really annoying. In any event, I was chatting with our media teacher and I shared with him how I run Linux on my laptop that I bring to school every day. He said that he would like to set up a Linux box on the network as a firewall and web content filter (block specific sites and sites with inappropriate content). I told him that I would look into how to set up Slackware for this purpose. I have done a search on Linux Questions and on the net. The information I found was a tad sketchy. Have any of y'all set up a Slack box for this purpose? I need all of the guidance I could get.
|
|
|
04-07-2006, 06:23 PM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep:
|
You can use Squid for this, either from http://www.squid-cache.org/ or there may be a package on the CDs. It's a bit tedious parsing log files so you may want to use something like Calamaris (http://cord.de/tools/squid/calamaris/) to help with that.
If you find that setting up access control lists is a bit clunky, there are other tools like DansGuardian (http://dansguardian.org/) that work with Squid to provide content filtering.
That's a vague answer I've given you, but I'd recommend starting with Squid and building from there. Once you start having specific problems there are plenty of people here who can help.
Last edited by gilead; 04-07-2006 at 06:24 PM.
|
|
|
04-07-2006, 09:15 PM
|
#3
|
Member
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795
Rep:
|
SARG (http://sarg.sourceforge.net/) is also a nice reporting tool for Squid.
|
|
|
04-10-2006, 08:30 PM
|
#4
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Ok, I will be given the PC to set up tomorrow. Having looked at Squid, their website recommends at least 512MB of RAM for the web caching. PROBLEM....the machine will only have 128MB. Now, do I REALLY need that much for a content filter?? I suppose I might be able to ask our tech teacher for more RAM if he has it in another machine that is just lying around.
Suppose I don't like Squid, could I just use DansGuardian only? It appears that DansGuardian allows for everything I am looking for; content filtering, URL filtering, etc.
Ok, last question. I was told that I need to set up the PC as a Firewall. How do I do that?
Thanks for helping out this newbie.
|
|
|
04-10-2006, 10:30 PM
|
#6
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Ok, is there any alternate, less memory demanding solution? I read somewhere that Apache can be used for a proxy.
|
|
|
04-10-2006, 10:35 PM
|
#7
|
Member
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795
Rep:
|
Apache's proxy capabilities are for something else entirely. Squid is a decent hog, but considering the traffic it's handling...
Memory is really cheap these days; why not bump up the amount?
|
|
|
04-10-2006, 10:55 PM
|
#8
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Well, here is the deal. There are about 10 computers in the library, 7 in our media teacher's room, about 7 or 8 for administrators and about 5-7 classroom computers. That's about 25 or so. In our other school building there may be about as many PCs. Now it is HIGHLY unlikely that all of these machines will surf the net at the same time. In fact I would say more than half of these machines stay static for most of the day.
I would just like to set up a slack box that can do some decent filtering. I will have to see if our media teacher can harvest some RAM from another machine. That should help.
|
|
|
04-11-2006, 12:34 AM
|
#9
|
LQ Newbie
Registered: Apr 2004
Location: San Tan Valley, Az
Distribution: Any... but I prefer Debian based...
Posts: 26
Rep:
|
Quote:
Originally Posted by tubatodd
Ok, I will be given the PC to set up tomorrow. Having looked at Squid, their website recommends at least 512MB of RAM for the web caching. PROBLEM....the machine will only have 128MB. Now, do I REALLY need that much for a content filter?? I suppose I might be able to ask our tech teacher for more RAM if he has it in another machine that is just lying around.
Suppose I don't like Squid, could I just use DansGuardian only? It appears that DansGuardian allows for everything I am looking for; content filtering, URL filtering, etc.
Ok, last question. I was told that I need to set up the PC as a Firewall. How do I do that?
Thanks for helping out this newbie.
|
Since you stated that the school was fairly small the machine does not need to be a beast... you will do fine with 128M. It isn't a desktop too?
Slackware runs as beefy or as lean as you want it to. Do an everything installation to simplify the process if you are not familiar/comfortable yet with Slack. You can always remove packages after the painless and promptless installation. When you feel more comfortable with Slackware the tag files are excellent.
Slackware defaults to run level 3 so X will not be running which will save you resources. If you want a graphical admin utility check out webmin and the simple theme.
You also stated that it needed to be a firewall. Others have suggested Dans Guardian.... I've tried it... tried a couple other gui tools. If you truly wish to understand it ya gotta use the shell. For help with rc.firewall for Slackware check out Slackware Tips & Tricks Jack S. Lai is very informative.
Here is a simple sample rc.firewall file:
#!/bin/bash
# Basic script to keep the server secured
# Flush the tables to apply changes
iptables -F
## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP
## Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
## Allow offered service clients to connect to ethernet interface
# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# HTTPD & SSL
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT
#end script
---
Have Fun! ;-)
|
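The rc.firewall posted above protects the box itself (INPUT rules only, FORWARD dropped). As an added example that is not part of any post in this thread, here is a gateway variant for the setup the original poster describes, where LAN machines route through the box and browsers must use the proxy. The interface names, the LAN range 192.168.1.0/24 and the proxy port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: gateway variant of the rc.firewall above.
# Prints the rules by default; run with APPLY=1 as root to load them.
# Assumptions (not from the thread): eth0 faces the Internet, eth1 faces the
# school LAN, the LAN is 192.168.1.0/24, the proxy listens on TCP 3128 here.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

gateway_rules() {
    # Start clean, then drop by default anything sent to or routed through the box
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, and replies to connections the box itself opened
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only LAN clients may reach the proxy and SSH; nothing is open on the WAN side
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Direct web traffic from the LAN is refused so browsers have to use the proxy
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
    # Other LAN traffic may go out; only replies are let back in
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Hide the private LAN behind the WAN address
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

enable_forwarding() {
    if [ "${APPLY:-0}" = "1" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward
    else echo "echo 1 > /proc/sys/net/ipv4/ip_forward"; fi
}

gateway_rules
enable_forwarding
```

The web REJECT rule is placed before the general LAN accept because iptables stops at the first matching rule in a chain.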
|
|
04-11-2006, 06:22 AM
|
#10
|
Member
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795
Rep:
|
If you are just using Squid for filtering (and not caching), you should be alright.
|
|
|
04-11-2006, 06:52 AM
|
#11
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Quote:
Originally Posted by mdarby
If you are just using Squid for filtering (and not caching), you should be alright.
|
Is there a way to "shut off" the caching and have it just do filtering?
|
|
|
04-11-2006, 10:58 AM
|
#12
|
Member
Registered: May 2003
Location: Lisbon Falls, Maine
Distribution: RH 8.0, 9.0, FC2 - 4, Slack 9.0 - 10.2, Knoppix 3.4 - 4.0, LFS,
Posts: 789
Rep:
|
Just a thought, but you might be better off with something like www.smoothwall.net. I believe it does do stateful packet inspection and filtering as well as firewalling.
slight
|
|
|
04-11-2006, 11:07 AM
|
#13
|
Member
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795
Rep:
|
Quote:
Originally Posted by tubatodd
Is there a way to "shut off" the caching and have it just do filtering?
|
I'm sorry, I don't know offhand. I'm sure it's just an option in its config file.
|
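On the question of switching caching off and filtering only: the following is an added example, not taken from any post in this thread, of a minimal filter-only squid.conf written out by a shell function, plus a helper to test hostnames against the blocklist before reloading Squid. It assumes Squid 3.x or later syntax, a LAN of 192.168.1.0/24, and a placeholder blocklist path.

```shell
#!/bin/sh
# Added example: filter-only Squid setup (syntax for Squid 3.x or later).
# Assumptions: LAN is 192.168.1.0/24; the blocklist path is a placeholder.
BLOCKLIST="${BLOCKLIST:-/etc/squid/blocked_domains.txt}"

squid_filter_conf() {
cat <<EOF
# Browsers on the LAN are pointed at this port as their proxy
http_port 3128

# Filtering only: store no objects, keep the memory cache tiny
cache deny all
cache_mem 8 MB

acl school_lan src 192.168.1.0/24
acl blocked_sites dstdomain "$BLOCKLIST"

# http_access stops at the first match, so the deny must come first
http_access deny blocked_sites
http_access allow school_lan
http_access deny all
EOF
}

# Offline check of a hostname against the blocklist, following dstdomain
# matching: ".example.com" covers the domain and every subdomain,
# "example.com" covers that exact host only.
is_blocked() {  # usage: is_blocked HOST BLOCKLIST_FILE
    host=$1
    while IFS= read -r entry; do
        case "$entry" in
            ''|'#'*) continue ;;
            .*) [ "$host" = "${entry#.}" ] && return 0
                case "$host" in *"$entry") return 0 ;; esac ;;
            *)  [ "$host" = "$entry" ] && return 0 ;;
        esac
    done < "$2"
    return 1
}

squid_filter_conf
```

Redirect the output of `squid_filter_conf` into a file to review it before installing it as squid.conf; the final `http_access deny all` keeps anything outside the LAN from using the proxy.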
|
|
04-11-2006, 12:34 PM
|
#14
|
Member
Registered: Apr 2006
Distribution: Slackware 10.2
Posts: 52
Rep:
|
Caching helps speed up the web surfing speed (if you know how to configure it correctly). Since your network is quite small and you are running on 128MB RAM only, just allocate a small amount of hard disk space for it.
|
|
|
04-11-2006, 12:36 PM
|
#15
|
Member
Registered: Apr 2006
Distribution: Slackware 10.2
Posts: 52
Rep:
|
I forgot something. It might be useful too if you choose to use reiserfs filesystem on the Linux box. Reiserfs is good at processing small files.
|
|
|