General discussion

Locked

firewall setting & internet connection

By santosh_k ·
Hi,

Earlier I had a static IP; now it has changed to dynamic.
My router is directly connected to the LAN. I want a firewall so that I am able to block some sites and some users from accessing the internet, but I want all the users to be able to receive email; the mail server is maintained by some other service provider.

Please help me out.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  

All Comments


by Jaqui In reply to firewall setting & intern ...

The simplest and most effective method would be a commercial IPS (intrusion prevention system)
such as ironmail.
They will scan for viruses, spam, phishing, block specific sites or domains, yet allow exactly what traffic you want.
Ironmail itself will also allow control on a per-system basis for access to the internet (probably most will).

A good IPS will be scalable, with good reports comments on user lists from the provider (usenet lists, irc channels, and email lists).

For internal (your own server) based firewalling, you would have to detail which firewall method you want to use, or way too many options to detail. Most will not support blocking specific hosts with DHCP, as they block on IP, not hw address.


by icemaster In reply to firewall setting & intern ...

If I understand your question correctly, you are not attempting to block intrusions, but rather control the access your users have to the internet. If this is correct, you may wish to look at using a proxy server such as http://www.squid-cache.org/. Squid provides the ability to create safe, secure, policy-based Internet access. You could implement this as a socks proxy which could handle all outbound traffic and have full control of what your users accessed.


by rajesharichwal In reply to firewall setting & intern ...

Sir, you can use a proxy server like squid; in squid.conf you can block some ports. You can also use ipchains or iptables to restrict your specific users from accessing the internet. Give a command to accept smtp or pop3, like ipchains -A (uripchain) -p tcp -d (ur network) smtp/pop3 -j ACCEPT. Configure your firewall like this.


by sureshtech_aagac In reply to firewall setting & intern ...

If you want to use the internet safely, I recommend using the Windows ISA Server, which helps with content filtering, web page caching, etc.


by xdark1 In reply to firewall setting & intern ...

solution
squid + dansguardian + iptables
squid transparent proxy:

check /etc/squid.conf
and change this

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

dansguardian (web content proxy):
download, install, configure the files
bannedsitelist, exceptioniplist (IPs not filtered)


iptables: force the user to use the proxy

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

dansguardian runs on port 8080
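
The following is an added example, not part of any post in this thread: a dry-run script that prints an iptables rule set combining the port-80 redirect above with mail access for every user and per-host blocking by hardware address (the point raised earlier about DHCP). Interface eth1 and port 8080 come from the post above; the MAC addresses are constructed samples, and a default FORWARD policy of ACCEPT is assumed.

```shell
#!/bin/sh
# Added example: prints (does not run) an iptables rule set for the setup
# discussed in this thread, so the ordering can be reviewed before use.
LAN_IF="eth1"        # LAN-side interface, as in the post above
PROXY_PORT="8080"    # dansguardian port, as in the post above
MAIL_PORTS="25,110"  # SMTP and POP3 to the external mail provider
# Constructed sample MACs of users who should get mail only. MACs are used
# because DHCP clients do not keep a fixed IP address.
BLOCKED_MACS="00:11:22:33:44:55 00:11:22:33:44:66"

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

gen_rules() {
    # Web traffic from the LAN is forced through the filtering proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
    # Mail is accepted for every user before any per-user drop is added.
    echo "iptables -A FORWARD -i $LAN_IF -p tcp -m multiport --dports $MAIL_PORTS -j ACCEPT"
    for mac in $BLOCKED_MACS; do
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        # Redirected web requests arrive on INPUT at the proxy port.
        echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $PROXY_PORT -m mac --mac-source $mac -j DROP"
        # Everything else this host tries to send through the router.
        echo "iptables -A FORWARD -i $LAN_IF -m mac --mac-source $mac -j DROP"
    done
}

gen_rules
```

Blocked hosts still need name resolution for their mail server; if DNS is not served by the router itself, add a matching ACCEPT for port 53 ahead of the DROP rules. A hardware address can be changed on the client, so MAC matching enforces policy for ordinary users rather than acting as a strong control.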
