S
S
Serezha2015-04-01 16:44:00
linux
Serezha, 2015-04-01 16:44:00

How can you make an Internet traffic filtering system?

There is an organization (10-15 computers) There is no server. IP static. It is necessary to install a gateway that will filter traffic (for example, block access to VK and classmates) There is an old computer with two network cards. There is nothing else and no one will give out money for anything. Please tell me how you can organize the filtering. As far as I know all this business can be organized on Linux. Well, as an option, take centos. I just don't know how to set up this whole thing. Friends, please tell me a way out of the situation. It is necessary that this server has both routing (from local to external and vice versa) and filtering, well, NAT + dhcp. I'd like to hear a variant on the example of any Linux distributions

Answer the question

In order to leave comments, you need to log in

8 answer(s)
C
cssman, 2015-04-01
@cssman

centos will be quite good, we configure interfaces, then:
squid + dhcp + static routes do you have? if the speaker is still quagga for example.
squid - proxy server for filtering traffic
yum install squid
many configuration guides on the Internet
chkconfig squid on - don't forget to add
dhcp server to startup - everything is simple here yum install dhcp and configure /etc/dhcp/dhcpd.conf (how to configure - on the Internet also many guides)
/etc/init.d/dhcpd start - start the daemon
chkconfig dhcpd on - autoload

V
Vadim Sabynich, 2015-04-01
@vadim_s_sabinich

https://ru.wikipedia.org/wiki/Zentyal ?

S
ShamblerR, 2015-04-01
@ShamblerR

go into the router and set it up, in most routers it's all there, here you are and here you have no classmates.

A
AlexLIn, 2015-04-01
@AlexLIn

www.sophos.com/en-us/products/unified-threat-manag...
www.sophos.com/en-us/products/free-tools/sophos-ut...
home license for 50 Ip
web interface, everything is configurable. Antivirus in addition, you can ban sites by category

T
tartarelin, 2015-04-01
@tartarelin

as already suggested here - pfsense
for example, here is the installation
https://ghostadmin666.wordpress.com/2012/09/18/%D1...
and stuff like that
https://ghostadmin666.wordpress.com/tag/pfsense/

A
Alexander, 2015-04-01
Madzhugin @Suntechnic

privoxy - sharpened just for this .
There are excellent configuration guides: https://sites.google.com/site/rpfteam/
Updated configs there.
To start in transparent proxy mode:
-A PREROUTING -s YourSubnet/24 ​​-p tcp -m tcp --dport 80 -j DNAT --to-destination IpGatewayOnSubnet:8118
-A OUTPUT -p tcp -m owner --uid-owner UidUserFrom Which Launched Privoxy -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination IpGatewayInSubnet:8118
The only thing is that if you need to filter https, you will have to fuck.

S
Sergey Petrikov, 2015-04-02
@RicoX

pfSense - everything is there out of the box.

A
Alexander, 2015-04-07
@saphire13

RouterOS
As an option to use such a thing. It doesn’t ask for much to eat, it works according to the set-and-forget principle, it is installed on the x86 architecture and has all the necessary network functionality.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question