Date: Sun, 7 Jul 2002 20:58:12 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Steven Lake <raiden@shell.core.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Proxies and limited access
Message-ID: <20020707205048.H11873-100000@localhost>
In-Reply-To: <Pine.GSO.4.44L0.0207071730190.12903-100000@shell.core.com>

On Sun, 7 Jul 2002, Steven Lake wrote:

> Hi all. I've got one of our offsite locations that I was asked to
> outfit with a proxy server Friday (ok, so I'm slow getting to this) and
> set it to lock down all access to the LAN.
>
> Obviously normal for a proxy server. But here's the catch. This
> will be inside of the normal security hardware that we have in place
> currently. What they want it to do is to block all the employees in the
> office, except a select few, from having ANY access to the internet.
> They'll still have VPN access to the main network, but no internet access.
>
> They want to block this by internal IP address, and by login. So
> if you have a qualifying IP address you will then be prompted to login to
> the Proxy server in order to have net access. If you don't have a
> qualifying IP address, you're blocked outright. Kind of double protection
> to keep employees working instead of surfing. I'm looking for a good
> proxy server port that will aid me in doing this and a tutorial on how
> best to set this up. Any help is welcome. Thanks.
>

If you are planning to block HTTP/FTP only, squid is a very good choice.
You can set ACLs based on login name, src/dst IP, src, dst domain, URL,
regexes and the like. There are a lot of good docs in the squid home page
(http://www.squid-cache.org) for running and configuring it. You can install
it from the ports (www/squid24).

If you need to proxy a lot of protocols, try socks5. The NEC implementation
is free for non-commercial use and it's available in the ports. There is also
a BSD-licenced implementation (Dante) which is also available in the ports.

Fer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
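
Added example, not part of the original message: a squid.conf fragment that combines the source-IP and login ACLs mentioned in the reply to get the two-step gate the question asks for. It assumes the auth_param syntax of Squid 2.5 and later (the squid24 port named above used the older authenticate_program directive); the host addresses, helper path and password file are constructed placeholders.

```conf
# Basic authentication helper. Path and password file are assumptions;
# adjust them to what the installed package provides.
auth_param basic program /usr/local/libexec/squid/basic_ncsa_auth /usr/local/etc/squid/passwd
auth_param basic realm Internet access

# Constructed sample addresses: the few hosts allowed to reach the internet.
acl permitted_hosts src 10.0.0.10 10.0.0.11

# Matches only requests that carry valid proxy credentials.
acl authenticated proxy_auth REQUIRED

# http_access rules are checked top to bottom; the first match decides.
# 1. Any host not on the list is refused outright, before a login prompt.
http_access deny !permitted_hosts
# 2. A listed host is challenged for credentials and allowed once they verify.
http_access allow authenticated
# 3. Everything else is refused.
http_access deny all
```

Keeping the source-address deny ahead of the proxy_auth rule means unlisted hosts never see a credential prompt. Because basic authentication sends the password in a trivially decoded form, this arrangement suits a trusted LAN segment between client and proxy.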