Selective internet access blocking?

Hi,

I am a newbie. I have a network of 20 computers that are connected to the internet. I need the users to be able to access only certain sites for the most part of the day but they should be able to go to any site during lunch between 12:00pm and 1:00pm. And at the same time one computer should have access to the internet at all times. I am looking for a hardware/software solution, preferably free and easy to install and manage.

Putting a proxy server under internet options or specifying the content the web browser can show will not work. Users can change the setting because they have admin access on the machine.

Please help. Thanks.

Reply to
xixi2244

Could you recommend a proxy server? I am not sure whether I will have to change the configuration manually or whether it will just kick in. Can I configure it with respect to a computer's IP address? I am sorry for being so naive.

Thanks.

Reply to
xixi2244

Can I just install Linux on a box with Squid or will I need iptables and masquerading?

Reply to
xixi2244

Would Fedora Core 2 work? And how do I set up my other machines?

Reply to
xixi2244

I am sorry but can you explain in more detail please.

Present setup

internet ----> hub ----> Comp1 .... to .... comp 20 Access

and what I understand you are suggesting is

internet ----> hub ----> Linux Box + Comp1 .... to .... comp 20

Access with squid (with proxy settings set to the linux box)

Thanks,

Reply to
xixi2244

It will work, for example if you're using a transparent proxy, and changing its configuration at different times.

What sites do you think of you'll allow?

Yours, VB.

Reply to
Volker Birk

I have good experiences with Squid. But perhaps you better should mandate someone, who's not a newbie.

Yours, VB.

Reply to
Volker Birk

?

You need an OS, which can implement transparent proxying with Squid. That includes GNU/Linux and FreeBSD.

Yours, VB.

Reply to
Volker Birk

Yes, it should.

"No proxy" setup.

Yours, VB.

Reply to
Volker Birk

The Linux box has to bridge or to route.

Yours, VB.

Reply to
Volker Birk

Put a Fortigate 50A at your gateway, less than $800 for the box and all subscriptions.

  1. Build a list of address objects that are the permitted sites, put them in a group called internet_permit_list
  2. Assign the special machine a static IP and create an address entry for it.
  3. Create a schedule with daily recurrence from 12 to 1pm
  4. Create 3 policies from internal to external, as follows:

  A) special_machine to all always permit nat
  B) all_internal to all 12pm-1pm-daily permit nat
  C) all_internet to internet_permit_list permit nat

That would do literally what you have said you want to do.

I think a better way would be to use the same policies, but on each one apply category filtering. Select the categories from the following list that are appropriate for each of the policies above, and allow C) to hit all internet again. Each policy can have its own set of blocks and permits -- and you can *log* the ones you aren't sure of, to see what kind of activities people are doing inside those types, and then perhaps refine those based on manager feedback to those logs. Or perhaps your company thinks Pornography, Gambling, Racism, Hacking, Abused Drugs, and Job Search sites are good for the corporate morale as long as it's done on lunch time? Here's the category list anyway....

Potentially Liable
  Abused Drugs, Cult or Occult, Hacking, Illegal or Questionable, Racism or Hate, Violence

Objectionable or Controversial
  Abortion, Adult Materials, Advocacy Groups, Alcohol and Tobacco, Gambling, Militancy and Extremist, Nudity, Pornography, Tasteless, Weapons

Potentially Non-productive
  Advertisement, Brokerage and Trading, Freeware and Software Download, Games, Internet Communication, Pay to Surf, Web-based Email

Potentially Bandwidth Consuming
  File Sharing and Storage, Streaming Media

Potentially Security Violating
  Malicious Web Sites, Spyware

General Interest
  Arts and Entertainment, Cultural Institutions, Education, Financial Data and Services, Gay or Lesbian or Bisexual Interest, Health, Job Search, Medicine, News and Media, Personals and Dating, Political Organizations, Reference Materials, Religion, Search Engines and Portals, Shopping and Auction, Social Organizations, Society and Lifestyles, Special Events, Sports, Travel, Vehicles

Business Oriented
  Business and Economy, Computer Security, Government and Legal Organizations, Information Technology, Military Organizations

Others
  Dynamic Content, Miscellaneous, Web Hosting

Finally, you can block peer and instant messengers using this box, which may also be of interest, and throw in Intrusion detection and mail/web antivirus too to give yourself a second line of defence against the slow updates and instability of the average desktop antivirus product.

-Russ.

Reply to
Somebody.

Is there something cheaper I could use?

Reply to
xixi2244

The Linux box I mentioned?

Yours, VB.

Reply to
Volker Birk
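
The three policies listed in the Fortigate reply (special machine always, everyone at lunch, everyone to the permitted list) can be expressed with Squid's own time and source ACLs on the Linux box suggested in this thread, so the configuration does not have to be swapped at different times of day. This is an added example, not a configuration posted by anyone in the thread; the subnet, the special machine's address, the port numbers and the list file path are constructed assumptions.

```conf
# squid.conf fragment (added example; addresses and paths are assumptions)

# Forward-proxy port, plus a port that receives redirected port-80 traffic.
# Squid 3.1 and later call this mode "intercept"; older releases used
# the keyword "transparent" instead.
http_port 3128
http_port 3129 intercept

# Who is asking
acl all_internal    src 192.168.1.0/24      # assumed LAN subnet
acl special_machine src 192.168.1.10/32     # assumed static IP of the one PC

# When: 12:00 to 13:00 every day (no day letters means all days)
acl lunch time 12:00-13:00

# Where: one domain per line; a leading dot also matches subdomains,
# for example ".example.com"
acl internet_permit_list dstdomain "/etc/squid/permit_list.txt"

# Rules are evaluated top to bottom and the first match decides.
http_access allow special_machine                     # A) always
http_access allow all_internal lunch                  # B) anything at lunch
http_access allow all_internal internet_permit_list   # C) permitted sites only
http_access deny all                                  # everything else
```

Because the users have admin rights on their PCs, the restriction only holds if the Linux box is the sole path to the internet (routing or bridging, as noted above) and port-80 traffic is redirected to the intercept port. An intercepting proxy on port 80 sees plain HTTP only, so HTTPS has to be handled separately at the gateway.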
