[dundee] Hardware for a firewall/content filter
Robert Ladyman
it at file-away.co.uk
Thu May 12 09:31:34 UTC 2011
Where you have 'Filter' just stick in an IPCOP box on a dual-homed (two
network ports) machine. Simples. You can enable Squid in transparent mode and
put on the DansGuardian add-on (and the copfilter one if you want to scan
email and http for trojans, etc.).
> Andrew Clayton wrote:
> > On Mon, 09 May 2011 13:48:44 +0100, Colin Brough wrote:
> >> I have a couple of NAS boxes (a Buffalo and a Synology) which can be
> >> made to run Linux, but neither of them have 2 LAN ports.
> >
> > Just a heads up. But you might not actually _need_ 2 interfaces.
> > Certainly iptables nat works fine with just the one.
>
> I want to put the content filter physically between the wireless
> router and the WAN, so that all boxes that use the network have to go
> through the filter, without individual, per-machine configuration.
> Proxying port 80, etc.
>
> I've put up a diagram of what I was thinking of, and what I interpret
> your suggestion as meaning - though I'm not sure if I quite get it...?
>
> http://www.colinbrough.pwp.blueyonder.co.uk/ContentFilter.pdf
>
> My "plan" is on the left - filter box sitting between the local
> network and the internet, filtering all traffic, with a an upstream
> and a downstream LAN port.
>
> How would you wire a single interface box into the network I'm
> thinking of?
>
--
Robert Ladyman
File-Away Limited
3 Ralston Business Centre, Newtyle, Blairgowrie
Perthshire PH12 8TL SCOTLAND
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk
============================================
Registered Office: 32 Church Street, Newtyle, Blairgowrie
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
More information about the dundee
mailing list