[ previous ] [ next ] [ threads ]
 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Traffic Measurement
 Date:  Thu, 02 Dec 2004 21:53:36 -0500
Martin Cavanagh wrote:

> original poster here.
> so basically as far as i know (there are a couple of people not in our
> "appartment/student hostel" who i have only met for 2 mins), every one
> is using WinXP home(came with their laptops, poor people), with myself
> and another person using WinXP Pro(self built machines, both looking at
> GenToo Linux).  Everyone has their own machine . - so basically who the
> "user" is, is irrelevant to me.  In addition there is also a Fileserver
> running Win2000(considering a Linux dib with sambo, but really not in a
> hurry for that) sharing movies, tools, music and the like.
> I'm really keen to avoid a proxy server, i like solutions to be
> invisible to the user, but if squid supports invisiable proxy server
> than that would be okay.

Yes, squid does this. We actually built a Linux 2.4 bridge box that has
two ethernet interfaces and sits between the customer's ethernet switch
and their WAN connection. It transparently performs Layer 4 (TCP/IP Port
based) filtering and functions as a transparent, mandatory web filter.

I used iptables and Linux's bridge functionality to accomplish this. The
box runs Red Hat Linux 7.3, so this required a custom patched kernel, as
Red Hat 7.3's stock kernel doesn't allow filtering bridge traffic in it's
most up-to-date versions. The box doesn't show up in traceroutes (because
it's a filtering bridge, not a router), and it's not possible to bypass
unless you use a non-standard HTTP port or SSL. 

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)