From owner-freebsd-questions@FreeBSD.ORG Tue Aug 28 16:01:06 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8AB916A41B for ; Tue, 28 Aug 2007 16:01:06 +0000 (UTC) (envelope-from ulrich@pukruppa.net) Received: from pukruppa.net (pukruppa.net [213.146.114.24]) by mx1.freebsd.org (Postfix) with ESMTP id 0F62E13C442 for ; Tue, 28 Aug 2007 16:01:05 +0000 (UTC) (envelope-from ulrich@pukruppa.net) Received: from pukruppa.net (localhost [127.0.0.1]) by pukruppa.net (8.14.1/8.14.1) with ESMTP id l7SG13D2075857; Tue, 28 Aug 2007 18:01:03 +0200 (CEST) (envelope-from ulrich@pukruppa.net) Received: from localhost (ulrich@localhost) by pukruppa.net (8.14.1/8.14.1/Submit) with ESMTP id l7SG133m075854; Tue, 28 Aug 2007 18:01:03 +0200 (CEST) (envelope-from ulrich@pukruppa.net) Date: Tue, 28 Aug 2007 18:01:02 +0200 (CEST) From: "P.U.Kruppa" X-X-Sender: ulrich@small To: Zbigniew Szalbot In-Reply-To: <2d534d27935e1fe3bf9cc35ec969e205@szalbot.homedns.org> Message-ID: <20070828174355.E83792@small> References: <2d534d27935e1fe3bf9cc35ec969e205@szalbot.homedns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Freebsd questions Subject: Re: home lan with freebsd as gateway / security issues X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2007 16:01:06 -0000 On Tue, 28 Aug 2007, Zbigniew Szalbot wrote: > > Dear all, > > Please bear with me one more time. In two months I will need to set up a > home network and I was planning to use a spare freebsd box as a gateway, > proxy (squid) and content filtering (dansguardian). I am basically ready > but the more I think about it, the more worried I am. > > That is - for content filtering to work without bypassing it, I will need > to put the machine in front of my wireless router, won't I? I am going to > do some reading on tightening FreeBSD security and closing ports/services I > do not need. My question is more general, though, I would simply like to > know if there's any simple way to put the box behind a router and sitll be > able to do transparent proxying of requests originating from my LAN? Yes: generally spoken: a gateway/proxy is what you tell your client machines to use as a gateway/proxy. You can just set it anywhere in your network and make it suck its data from your router. Transparent proxying might be a bit difficult to set up at times but you can start with an ordinary cache-proxy (called by requests on port 8080 or something). As long as your kids don't have admin rights on their workstations, they won't be able to change it. By the way: blocking single addresses or even some expressions won't keep anyone from watching bad pages - all one needs is google and some patience. But of course you can use squid's log files to control what your kids really did. So - sorry for adding educational hints - talk to your children first and explain the meaning of the word trust to them. When they really believe they have to deceive you, they probably will be able to live without a computer for some time. Sorry, this really was off topic. Regards, Uli. > What I > really need is content filtering so that my kids won't accidentaly go to > bad sites. > > I am not really an administrator so my knowledge is limited but I love this > (FreeBSD) system and want to continue using it and learning the ropes. What > would you advise a person like me? > > Many, many thanks! > > Zbigniew Szalbot > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Peter Ulrich Kruppa Wuppertal Germany