LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 04-07-2006, 06:16 PM   #1
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Rep: Reputation: 30
Setting Slack box as Firewall and Content Filter for School


I teach at a fairly small Christian school and one of our newest teachers (teaches history and media [school TV show]) has helped improve our constantly down and problem prone Windows network. Until he started working on our network, the system used to go down regularly and STAY down for a while. It was really annoying. In any event, I was chatting with our media teacher and I shared with him how I run Linux on my laptop that I bring to school everyday. He said that he would like to setup a Linux box on the network as a firewall and web content filter (block specific sites and sites with inappropriate content). I told him that I would look into how to setup Slackware for this purpose. I have done a search on Linux Questions and on the net. The information I found was a tad sketchy. Have any of y'all setup a Slack box for this purpose? I need all of the guidance I could get.
 
Old 04-07-2006, 06:23 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
You can use Squid for this, either from http://www.squid-cache.org/ or there may be a package on the CDs. It's a bit tedious parsing log files so you may want to use something like Calamaris (http://cord.de/tools/squid/calamaris/) to help with that.

If you find that setting up access control lists is a bit clunky, there are other tools like DansGuardian (http://dansguardian.org/) that work with Squid to provide content filtering.

That's a vague answer I've given you, but I'd recommend starting with Squid and building from there. Once you start having specific problems there are plenty of people here who can help.

Last edited by gilead; 04-07-2006 at 06:24 PM.
 
Old 04-07-2006, 09:15 PM   #3
mdarby
Member
 
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795

Rep: Reputation: 30
SARG (http://sarg.sourceforge.net/) is also a nice reporting tool for Squid.
 
Old 04-10-2006, 08:30 PM   #4
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Ok, I will be given the PC to setup tomorrow. Having looked at Squid, their website recommends at least 512MB of RAM for the web caching. PROBLEM....the machine will only have 128MB. Now, do I REALLY need that much for a content filter?? I suppose I might be able to ask our tech teacher for more RAM if he has it in another machine that is just laying around.

Suppose I don't like Squid, could I just use DansGuardian only? It appears that DansGuardian allows for everything I am looking for; content filtering, URL filtering, etc.

Ok, last question. I was told that I need to setup the PC as a Firewall. How do I do that?

Thanks for helping out this newbie.
 
Old 04-10-2006, 09:37 PM   #5
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
You will need a proxy server if you're running DansGuardian according to http://dansguardian.org/?page=requirements. As to whether Squid will run in less memory, there's some stuff on reducing memory usage at http://www.squid-cache.org/Doc/FAQ/FAQ-8.html#ss8.9. I'm not optimistic about running it with 128MB RAM though - there's a question/answer about why it uses so much at http://www.squid-cache.org/Doc/FAQ/FAQ-8.html#ss8.1.

Laslty, for firewalling under Linux, check out the iptables docs at http://www.netfilter.org/documentation/index.html. For FAQs, GUIs etc. have a look at http://www.linuxguruz.com/iptables/ and http://www.linuxquestions.org/linux/...n_iptables_GUI in no particular order.

Hope that helps...
 
Old 04-10-2006, 10:30 PM   #6
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Ok, is there any alternate, less memory demanding solution? I read somewhere that Apache can be used for a proxy.
 
Old 04-10-2006, 10:35 PM   #7
mdarby
Member
 
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795

Rep: Reputation: 30
Apache's proxy capabilities are for something else entirely. Squid is a decent hog, but considering the traffic it's handling...
Memory is really cheap these days; why not bump up the amount?
 
Old 04-10-2006, 10:55 PM   #8
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Well, here is the deal. There are about 10 computers in the library, 7 in our media teacher's room, about 7 or 8 for administrators and about 5-7 classroom computers. That's about 25 or so. In our other school building there may be about as many PCs. Now it is HIGHLY unlikely that all of these machines will surf the net at the same time. In fact I would say more than half of these machines stay static for most of the day.

I would just like to setup a slack box that can do some decent filtering. I will have to see if our media teacher can harvest some RAM from another machine. That should help.
 
Old 04-11-2006, 12:34 AM   #9
mindmerge
LQ Newbie
 
Registered: Apr 2004
Location: San Tan Valley, Az
Distribution: Any... but I prefer Debian based...
Posts: 26

Rep: Reputation: 15
Quote:
Originally Posted by tubatodd
Ok, I will be given the PC to setup tomorrow. Having looked at Squid, their website recommends at least 512MB of RAM for the web caching. PROBLEM....the machine will only have 128MB. Now, do I REALLY need that much for a content filter?? I suppose I might be able to ask our tech teacher for more RAM if he has it in another machine that is just laying around.

Suppose I don't like Squid, could I just use DansGuardian only? It appears that DansGuardian allows for everything I am looking for; content filtering, URL filtering, etc.

Ok, last question. I was told that I need to setup the PC as a Firewall. How do I do that?

Thanks for helping out this newbie.
Since you stated that the school was fairly small the machine does not need to be a beast... you will do fine with 128M. It isn't a desktop too?

Slackware runs as beefy or as lean as you want it to. Do an everything installation to simplify the process if you are not familiar/comfortable yet with Slack. You can always remove packages after the painless and promptless installation. When you feel more comfortable with Slackware the tag files are excellent.

Slackware defaults to run level 3 so X will not be running which will save you resources. If you want a graphical admin utility check out webmin and the simple theme.

You also stated that it needed to be a firewall. Others have suggested Dans Guardian.... I've tried it... tried a couple other gui tools. If you truly wish to understand it ya gotta use the shell. For help with rc.firewall for Slackware check out Slackware Tips & Tricks Jack S. Lai is very informative.

Here is a simple sample rc.firewall file:
#!/bin/bash
# Basic script to keep the server secured

# Flush the tables to apply changes
iptables -F

## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

## Allow offered service clients to connect to ethernet interface

# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT

# HTTPD & SSL
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT

# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT

#end script

---
Have Fun! ;-)
 
Old 04-11-2006, 06:22 AM   #10
mdarby
Member
 
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795

Rep: Reputation: 30
If you are just using Squid for filtering (and not caching), you should be alright.
 
Old 04-11-2006, 06:52 AM   #11
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by mdarby
If you are just using Squid for filtering (and not caching), you should be alright.
Is there a way to "shut off" the caching and have it just do filtering?
 
Old 04-11-2006, 10:58 AM   #12
slightcrazed
Member
 
Registered: May 2003
Location: Lisbon Falls, Maine
Distribution: RH 8.0, 9.0, FC2 - 4, Slack 9.0 - 10.2, Knoppix 3.4 - 4.0, LFS,
Posts: 789

Rep: Reputation: 30
Just a thought, but you might be better off with something like www.smoothwall.net. I believe it does do stateful packet inspection and filtering as well as firewalling.

slight
 
Old 04-11-2006, 11:07 AM   #13
mdarby
Member
 
Registered: Nov 2004
Location: Columbus, Ohio
Distribution: Slackware-Current / Debian
Posts: 795

Rep: Reputation: 30
Quote:
Originally Posted by tubatodd
Is there a way to "shut off" the caching and have it just do filtering?

I'm sorry, I don't know offhand. I'm sure it's just an option in it's config file.
 
Old 04-11-2006, 12:34 PM   #14
the.madjack
Member
 
Registered: Apr 2006
Distribution: Slackware 10.2
Posts: 52

Rep: Reputation: 15
caching helps speed up the web surfing speed(if you know how to configure it correctly). Since your network is quite small and you are running on 128MB RAM only, just allocate a small amount of harddisk space for it.
 
Old 04-11-2006, 12:36 PM   #15
the.madjack
Member
 
Registered: Apr 2006
Distribution: Slackware 10.2
Posts: 52

Rep: Reputation: 15
i forgot something. It might be useful too if you choose to use reiserfs filesystem on the linux box. Reiserfs is good at processing small files..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
content filter in postfix jrafalek Linux - Software 0 04-05-2005 05:19 PM
Which Content Filter? jabird Linux - Networking 1 10-11-2004 07:09 PM
need help setting up slack box as gateway Inix Slackware 6 06-13-2003 05:05 AM
setting up ip_masqueraiding and firewall on a old linux box fo-krite Linux - Networking 4 01-23-2003 08:44 PM
content filter on firewall Nerun Linux - Security 3 02-21-2002 05:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration