LinuxSA Mailing list archives

  From: Andrew Pullin <drewp@bigpond.com>
  To  : <msalkeld@senet.com.au>, <msalkeld@senet.com.au>
  Date: Sat, 13 Nov 1999 20:59:19 +1030

Re: Internet Routing Security

G'Day,
    I am just a novice at this myself, but sounds to me that
the easiest way to set this up is to set up a network in
each classroom that runs through a single server, and then
run a single connection from each server to an Internet
gateway machine to the outside. In this way you could set up
a proxy on each classroom that blocks everything by default,
that the teacher could then be allowed to modify the proxy
restrictions only, without allowing access to anything they
could damage which could happen if they had full root
access. This also allows each classroom to be accessed
independently, since all traffic just passes through the
server to the gateway, and unblocking 1 classroom doesn't
open up any other classroom. It also allows you to set up
double firewall security to restrict access from the
outside. Classroom traffic could be easily logged also
because the only logs would be for each classroom, and not
have to be filtered and separated at the gateway. Finally,
by running through a proxy, you wouldn't have to disable the
route from the classroom to the gateway, and so your E-Mail
etc wouldn't be blocked when the class block was on. As I
said before, I am also a novice at this, but even though
there is probably a better way to do this, it seems that it
is far easier for root to set up a script that the teacher
only can run that copies proxy rules over to open and close
the connection, and from a hardware point of view, if you
have a network in each classroom, then it is a simple case
of nominating 1 machine to be the "server" if you don't
already have one, and then you just need one machine for the
gateway/firewall that each "server" is connected to. Good
Luck anyhow.

    Cheers!
        Andrew.


-----Original Message-----
From: Matthew Salkeld <msalkeld@senet.com.au>
To: linuxsa@linuxsa.org.au <linuxsa@linuxsa.org.au>
Date: Saturday, 13 November 1999 15:37
Subject: Internet Routing Security


>Hi all,
>
>I am planning on running up an internet gateway, using
linux, for a small school. There is 3 different classrooms,
and each classroom needs to authenticate before using the
internet. (ie the teacher has to run a program or script,
type in a password, and the whole room has access)
>However, each class room needs to operate independent of
the others.
>Initially the internet link with be 56k.
>
>I was wondering if anyone had any suggestions as to how
this could be implimented?
>
>
>Thankyou for your suggestions.
>
>-matt
>----------------------------------------
>Matthew Salkeld
>
>Email: msalkeld@senet.com.au
>ICQ: 6408072
>----------------------------------------
>
>
>--
>LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on
irc.linux.org.au
>To unsubscribe from the LinuxSA list:
>  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as
the subject
>

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject