On Wed, Feb 19, 2003 at 02:50:55PM +0100, Raoul Beauduin wrote:
> I am trying to forbid outgoing ftp.
>
> the situation is like this:
>
> we have about 10 pc's connected to a local network 192.168.*.* ("my"
> network). we are going through a firewall to connect to internet.
> I want some students not being able at all to make an outgoing ftp to
> some foreign host and drop sensitive sources. but when i connect on
> their machine, i want to be able to make an any ftp i want.
> the deny of outgoing ftp must on be only for these students.
The obvious thing (to me) is to install a proxy server between the users
and the firewall. Reject incoming access to the firewall from the
student systems and force them to go through the proxy. The proxy
server can do just about anything in terms of access. You can restrict
based on source address, destination address, proxy both http and ftp
(and other protocols), cache results, etc.
The home page for squid is at http://www.squid-cache.org/
--
Ed Wilts, Mounds View, MN, USA
mailto:ewilts@ewilts.org
Member #1, Red Hat Community Ambassador Program
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
