Re: management of virus and p2p-traffic

Linux Advanced Routing and Traffic Control

Ralf Staudemeyer wrote:

> On Mon, 2004-06-21 at 17:06, Ed Wildgoose wrote:
>
>>> The Windows machines with their viruses give me a
>>> headache. I do not want to enforce remote Windows patching and
>>> virusscanner updating. It should also be taken into account that there
>>> is nearly no money available for any special equipment. Best would be to
>>> get this job done with a couple of old computers.
>>
>> One thing you could address is that most viruses arrive via SMTP. Can you scan inbound SMTP traffic, perhaps with ClamAV? Or do users have their own external email accounts?
>
> We have a Novell GroupWise service that should be used for email (via the
> managed 3Mbit connection). That system supports spam-filtering and
> virus-scanning. Unfortunately that service does not support any security
> functions and is not reliable. There will not be much change about that.
> So I want and I must support users who use their external email
> accounts.



A quick search on Google suggests that you can get a POP3 transparent proxy which will do virus scanning. This is also used and maintained by Astaro Linux firewall.
See http://p3scan.sourceforge.net/


Perhaps you could look at something like Astaro with a bridging firewall to get the bulk of your requirements sorted (or just roll your own (Shorewall?) if you are happy with iptables).

Second problem is splitting traffic between your two internet connections. This is very possible, read the LARTC FAQ for basic details and then come back here with specific questions.

The other stuff is easily possible, but for the number of users that you have you are going to need to invest some time to write some scripts to handle mapping users to MAC addresses and make the whole thing maintainable. There was another post only hours ago from at least one other person who you might contact to see if they will share some stuff.

P2P is pretty easy to control. Try kernel patches for "ippp" or "l7-filter" (both on sf.net I think). This lets you simply filter traffic using iptables.

You mentioned time-based rules. I think there are patches to iptables to handle this. Alternatively you could have two scripts which run from cron to switch rules. A further, and perhaps easier, possibility is to use the QoS rules to prioritise everything else and simply leave unwanted traffic in the "left over" bucket. This will mean that P2P users cannot affect your normal traffic, but if the link is idle at any time of day or night then they can use up to the max amount, but only if it's idle. This is perhaps good enough and easier to configure.

You need to have read the LARTC FAQ, and browsed the iptables docs, or you will find this quite advanced. I suggest that you break the problem up into parts.

If you aren't completely technical, or pushed for time then you might want to consider hiring someone, or looking at a prebuilt solution. Your requirements are all possible though.

Ed W



_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
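
The "left over" bucket idea from the message above, as an added example that is not part of the original post: known service ports go to a high-priority HTB class and everything unclassified (P2P included) lands in a low-priority default class that can only borrow idle bandwidth. The port list, the 90/10 split, the class ids and the use of HTB with SFQ leaves are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: prints the tc commands instead of running them, so the
# output can be reviewed first and then piped to `sh` as root.
# Usage: ./leftover.sh eth0 3000 | sh
# Assumed list of "normal" service ports; everything else is left over.
PRIORITY_PORTS="22 25 53 80 110 143 443"

# leftover_htb DEV LINK_KBIT
leftover_htb() {
    dev=$1
    link=$2
    [ -n "$dev" ] && [ "$link" -ge 10 ] 2>/dev/null || {
        echo "usage: leftover_htb DEV LINK_KBIT (at least 10)" >&2
        return 1
    }
    bulk=$((link / 10))        # small guaranteed share for the left-over class
    normal=$((link - bulk))    # guaranteed share for classified traffic

    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    # Packets that match no filter fall into 1:30, the left-over bucket.
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit"
    # Both classes may borrow up to the full link (ceil); prio 0 is offered
    # spare bandwidth first, prio 7 last.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${normal}kbit ceil ${link}kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate ${bulk}kbit ceil ${link}kbit prio 7"
    echo "tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10"
    echo "tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10"

    # Match the service port on either side so the same rules work on the
    # WAN-facing (uploads) and LAN-facing (downloads) interface.
    for port in $PRIORITY_PORTS; do
        for field in sport dport; do
            echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip $field $port 0xffff flowid 1:10"
        done
    done
}

if [ $# -eq 2 ]; then
    leftover_htb "$1" "$2"
fi
```

tc shapes only what leaves an interface, so on a router the rules are generated once for each direction's outgoing device.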
