From owner-freebsd-chat@FreeBSD.ORG  Mon Jun  6 18:12:50 2005
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
X-Original-To: chat@freebsd.org
Delivered-To: freebsd-chat@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A619E16A41C
	for <chat@freebsd.org>; Mon,  6 Jun 2005 18:12:50 +0000 (GMT)
	(envelope-from kdk@daleco.biz)
Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4186C43D53
	for <chat@freebsd.org>; Mon,  6 Jun 2005 18:12:50 +0000 (GMT)
	(envelope-from kdk@daleco.biz)
Received: from [192.168.2.2] ([69.27.157.226])
	by ezekiel.daleco.biz (8.13.1/8.13.1) with ESMTP id j56IChQI041676
	for <chat@freebsd.org>; Mon, 6 Jun 2005 13:12:46 -0500 (CDT)
	(envelope-from kdk@daleco.biz)
Message-ID: <42A491DE.7080701@daleco.biz>
Date: Mon, 06 Jun 2005 13:11:42 -0500
From: Kevin Kinsey <kdk@daleco.biz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050428
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: chat@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Client controlled Network access ... any experience?
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jun 2005 18:12:50 -0000

Greetings,

I'm looking at a situation which I imagine is common to many institutions,
in which I'll want to have a small LAN with full access to LAN resources,
but not allowing any gateway access unless a "supervisor" type person
authorizes the excursion.

What should I consider?  A proxy server?  A configurable firewall script?
I could probably write something, script-wise, that might be workable on
the LAN webserver ...

I'm certain the gateway, and perhaps some of the clients, will be FBSD;
but there are already Winboxen on the LAN, and we may want to extend
"protection" to these as well....

Anyone with a brief word of Wisdom?  (Perhaps like, "what the heck to
Google for" ??)

TIA,

Kevin Kinsey