Message-ID: <42A491DE.7080701@daleco.biz>
Date: Mon, 06 Jun 2005 13:11:42 -0500
From: Kevin Kinsey
To: chat@freebsd.org
Subject: Client controlled Network access ... any experience?

Greetings,

I'm looking at a situation which I imagine is common to many institutions, in which I'll want to have a small LAN with full access to LAN resources, but not allowing any gateway access unless a "supervisor" type person authorizes the excursion.

What should I consider? A proxy server? A configurable firewall script? I could probably write something, script-wise, that might be workable on the LAN webserver ...

I'm certain the gateway, and perhaps some of the clients, will be FBSD; but there are already Winboxen on the LAN, and we may want to extend "protection" to these as well....

Anyone with a brief word of Wisdom? (Perhaps like, "what the heck to Google for" ??)

TIA,

Kevin Kinsey