Date: Wed, 18 Apr 2001 20:34:55 +0200 From: "Leif Neland" <leifn@neland.dk> To: "bukky oluwaranti" <bukkyoluranti@yahoo.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: Internet access Message-ID: <009801c0c836$44c62780$6405a8c0@neland.dk> References: <20010418120709.84329.qmail@web12003.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Our company is a big Insurance company having about > 150 workstation on a Netware 4.01 driven LAN. We > presently have Internet connectivity through an ISP > using direct Radio Link. All workstations are able to > hook unto the Internet via a FreeBSD-based Network > Address Translator (NAT) server. > > Our desire is to control indiscriminate Internet > usage. Can you please advise me on how to go about > this Internet access control to prevent staffs from > having access/ surfing Internet during office hour. If you want to discriminate between machines, all machines must have a fixed ip. Either you must enter the ip-adress on each machine, or you must setup your dhcp-server to always give the same ip to the same mac-adress. You must setup the firewall on your FreeBSD server so it is not possible to go directly to the internet, everybody must go through squid proxyserver. On squid you can make rules for during which hours access is open and when it is restricted. You can make rules for adresses which are always blocked, or always open. But you really should start with company rules: Define to your users what is acceptable use and what is not. Make it clear that usage can be measured and monitored. Decide beforehand what are the consequenses of abuse. Have all this in writing. It is really difficult to write a firewall rules to decide whether access to a site is nessecary for performing the job. It is better to have access under responsibility. Only if it goes entirely into abuse, you can consider applying technical limitations. But really, if you are trying to solve a problem with technical means, which should have been solved by the manager, the company has a much larger problem. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009801c0c836$44c62780$6405a8c0>