pointers for using CentOS box as filter for children




On Tuesday 11 October 2005 01:18 pm, Steven Vishoot wrote:
> Thank you for correcting me. I knew I was kind of in
> the neighborhood and knew it was not that simple, since
> a lot of IM programs use different ports. So it might be a
> good idea to know what IM program they are using, would
> you think?

My $.02:

#1. Set up a powerful iptables configuration tool like shorewall (my preferred 
choice) or fwbuilder and use it to limit all *outbound* traffic to a few 
ports (80, 443).

#2. Let them go about their business.

#3. Go through the syslog messages (/var/log/messages). You will see all the 
ports they were trying to IM and fileshare out on, and that were blocked. 

#4. Think about what you want to allow. If you *only* want to allow web 
browsing, set up squid, and drop everything outbound that isn't destined for 
port 3128 on your squid server.

#5. Squid will generate logs of what websites were visited. Check the logs 
occasionally.


Email me/list if you need help setting up shorewall/squid. You may want to put 
the restricted PC in a modified DMZ - shorewall has a special configuration 
to do exactly what you are asking.
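
An added example, not part of the original post: one way to do the log review in step #3, tallying which destination ports each internal host was blocked on. It assumes Shorewall's default kernel log prefix (`Shorewall:<chain>:<disposition>:`); the sample lines, hostname, chain name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages: blocked and accepted firewall
# entries plus one unrelated line. All addresses and names are made up.
SAMPLE_LOG = """\
Oct 11 13:20:01 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=34567 DPT=5190 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 11 13:20:04 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=34567 DPT=5190 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 11 13:22:17 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=911 DF PROTO=TCP SPT=40112 DPT=6346 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 11 13:22:18 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=912 DF PROTO=UDP SPT=40113 DPT=6346 LEN=28
Oct 11 13:23:00 gw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=34600 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 11 13:24:10 gw sshd[2101]: Accepted password for admin from 192.168.1.2 port 51000 ssh2
Oct 11 13:25:40 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=203.0.113.30 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5123 SEQ=1
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")                   # KEY=value pairs
BLOCKED = re.compile(r"Shorewall:[^:]+:(?:DROP|REJECT):")  # blocked entries only


def blocked_ports(lines):
    """Count blocked TCP/UDP attempts per (source IP, protocol, dest port)."""
    counts = Counter()
    for line in lines:
        if not BLOCKED.search(line):
            continue  # not a firewall entry, or the packet was accepted
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # keep first value if a key repeats
        if fields.get("PROTO") not in ("TCP", "UDP"):
            continue  # ICMP and other protocols carry no destination port
        if "SRC" in fields and fields.get("DPT", "").isdigit():
            counts[(fields["SRC"], fields["PROTO"], int(fields["DPT"]))] += 1
    return counts


def report(counts):
    """Render the tally as text lines, most frequently blocked first."""
    return [f"{src} {proto}/{port} blocked {n}x"
            for (src, proto, port), n in counts.most_common()]


if __name__ == "__main__":
    # On the firewall itself, pass open("/var/log/messages") instead.
    print("\n".join(report(blocked_ports(SAMPLE_LOG.splitlines()))))
```

The resulting port list is the input to step #4: each entry is something to either allow explicitly or leave blocked.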



