|
||||||||
Martin Cavanagh wrote: > original poster here. > > so basically as far as i know (there are a couple of people not in our > "appartment/student hostel" who i have only met for 2 mins), every one > is using WinXP home(came with their laptops, poor people), with myself > and another person using WinXP Pro(self built machines, both looking at > GenToo Linux). Everyone has their own machine . - so basically who the > "user" is, is irrelevant to me. In addition there is also a Fileserver > running Win2000(considering a Linux dib with sambo, but really not in a > hurry for that) sharing movies, tools, music and the like. > > I'm really keen to avoid a proxy server, i like solutions to be > invisible to the user, but if squid supports invisiable proxy server > than that would be okay. Yes, squid does this. We actually built a Linux 2.4 bridge box that has two ethernet interfaces and sits between the customer's ethernet switch and their WAN connection. It transparently performs Layer 4 (TCP/IP Port based) filtering and functions as a transparent, mandatory web filter. I used iptables and Linux's bridge functionality to accomplish this. The box runs Red Hat Linux 7.3, so this required a custom patched kernel, as Red Hat 7.3's stock kernel doesn't allow filtering bridge traffic in it's most up-to-date versions. The box doesn't show up in traceroutes (because it's a filtering bridge, not a router), and it's not possible to bypass unless you use a non-standard HTTP port or SSL. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net |