
Re: [school-discuss] Re: Creating a Stand-Alone Linux Computer with Dan's Guardian



My suggestion is to use squid.  Also, remember, even if your Linux box is "standalone", it is still a server.

Karsten M. Self wrote:
on Thu, Feb 17, 2005 at 06:39:47AM -0700, Troy Banther (troy@xxxxxxxxxxxxxxxxxxxxxxxx) wrote:
  
Hello everyone,

Has anyone on the set up a stand alone Linux computer with an Internet
filtering program?

I have never set one up but am interested in doing so for a non-profit
agency.
    

Sure:  install Dansguardian, a context and origin-based filtering system.

Not sure what you mean by "stand-alone", though most probable cases
should be covered, including:

  - A filtering proxy, through which all web traffic passes.
  - Filter for web surfing from the same box.

The main question is how easy/hard do you want it to be to defeat the
filter?

In my case, I set up a youth center's tech lab using Dansguardian for
outbound filtering.  Basic architecture:

       ,~~~~~~~~~~~~~~~,
      (                 )
       )    Internet   (
      (                 )                           +----------+
       ~~~~~~~~+~~~~~~~~                      , --- |          |
               |  +-----------------+        / ---- | Filtered |
               |  | Gateway         |       / ----- |          |
               +--+   IP Filters    +------< ------ | LAN      |
                  |   Dansguardian  |       \ ----- |          |
                  +-----------------+        \ ---- | Clients  |
                                              `---- |          |
                                                    +----------+

...with the filtering standing between the desktop clients and the
Internet.  All proxy management was handled via firewall rules for
transparent proxy.  This means no client-side configuration, and no
client-side defeat of filtering.

Note that web filtering isn't perfect, particularly if users discover
upstream SSL proxies.  This allows them access to filtered content, and
since the outbound connection itself is encrypted, it can't be tracked
for content.


Peace.
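
The gateway arrangement described above (transparent proxy enforced by firewall rules, no client-side configuration), sketched as an added example that is not part of the original thread. The function name, interface names and ports are assumptions: the filter is taken to listen on 8080 and its upstream proxy (squid, for instance) on 3128.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names and ports: LAN/WAN
# interface names, filter on 8080, its upstream proxy (e.g. squid) on 3128.

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules LAN_IF WAN_IF FILTER_PORT UPSTREAM_PORT
# Prints an iptables-restore ruleset; nothing is applied by this function.
gen_rules() {
    lan_if=$1; wan_if=$2; filter_port=$3; upstream_port=$4
    if [ -z "$lan_if" ] || [ -z "$wan_if" ]; then
        echo "gen_rules: interface names required" >&2; return 1
    fi
    if ! is_port "$filter_port" || ! is_port "$upstream_port"; then
        echo "gen_rules: ports must be 1-65535" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Clients need no proxy settings: port-80 traffic is redirected to the filter.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $filter_port
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Only the filter on this box may use the upstream proxy port.
-A INPUT -i $lan_if -p tcp --dport $upstream_port -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Web traffic that was not redirected is never routed straight out.
-A FORWARD -i $lan_if -o $wan_if -p tcp --dport 80 -j DROP
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Usage (as root on the gateway): gen_rules eth1 eth0 8080 3128 | iptables-restore
```

IP forwarding must also be enabled on the gateway for the FORWARD rules to matter. Port 443 is forwarded without content inspection, which is the SSL limitation the post notes.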