Reading Please?

DJ Lucas dj at linuxfromscratch.org
Wed Oct 13 23:09:53 PDT 2004


Declan Moriarty wrote:

> To what
> extent can a firewall function as a 'Net Nanny'?
> 

A school that I do a little work for has a nice setup that uses public 
blacklists.  The 'setup' is Linkwall for Border Manager (Squid and 
SquidGuard with a nice Novell style GUI) and seems to work pretty well. 
  Unfortunately, I don't know a whole lot about it.  I started jotting 
things down for a future hint, and never got past squid, which did do 
its job very well once configured correctly. Check out 
http://www.squidguard.org/ and the official squid guide here. 
http://squid-docs.sourceforge.net/latest/html/book1.html  Also, I found 
another mini howto that gets right to the meat and potatoes 
http://en.tldp.org/HOWTO/TransparentProxy.html

You still need a firewall, hardware ones are the simple solution and 
should be more than enough for a home network.  Linksys and Netgear 
products are both under $50 in the US and provide enough forwarding 
options to run at least a couple of servers behind them.  Obviously 
building your own with iptables would be much more capable.  Also, if 
you go with a hardware router and the setup above, you'll want to have a 
separate dhcp server so that the DG will be set to your squidguard box 
(which should be configured as a transparent proxy).  Also note that if 
you have an old PC lying around, and a switch, the iptables box is 
definitely the cheaper solution if you can avoid placing a value on your 
time.

Hope that gives you something to go on.
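
How the Squid and SquidGuard pairing mentioned above applies a public blacklist, as an added example that is not part of the original post and is not SquidGuard's own code: a minimal redirector speaking Squid's classic one-request-per-line helper protocol. The sample domains, the block-page URL and the function names are constructed for illustration.

```python
"""Minimal Squid redirector in the style of SquidGuard (illustrative only)."""
import sys
from urllib.parse import urlsplit

# Constructed sample blacklist; public lists ship as one domain per line.
SAMPLE_DOMAINS = """\
# constructed entries for illustration
blocked.example
ads.tracker.example
"""

BLOCK_PAGE = "http://proxy.lan.example/blocked.html"  # hypothetical block page


def load_domains(text):
    """Parse a one-domain-per-line blacklist, skipping blanks and comments."""
    entries = set()
    for line in text.splitlines():
        line = line.strip().lower().rstrip(".")
        if line and not line.startswith("#"):
            entries.add(line)
    return entries


def is_blocked(host, domains):
    """A listed domain also covers its subdomains, matched on label boundaries."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def rewrite(request_line, domains):
    """Handle one classic redirector line: 'URL client_ip/fqdn ident method'.

    Returns the replacement URL, or '' to let the request through unchanged.
    """
    fields = request_line.split()
    if not fields:
        return ""
    # Bare 'host:port' targets have no scheme; prefix '//' so they parse as a host.
    url = fields[0] if "://" in fields[0] else "//" + fields[0]
    host = urlsplit(url).hostname or ""
    return BLOCK_PAGE if is_blocked(host, domains) else ""


if __name__ == "__main__":
    blacklist = load_domains(SAMPLE_DOMAINS)
    for line in sys.stdin:  # Squid feeds one request per line on stdin
        print(rewrite(line, blacklist), flush=True)
```

Matching on label boundaries is what keeps `notblocked.example` from being caught by the entry for `blocked.example`.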


