Jump to content

More Specific Firewall Control?

Guest beeson

Recommended Posts

Hi all,


Mandriva 2009. average noob here, I'm new to Linux but we originally set it up here in our office (about 10 Windows XP users) to use as a file server. The Samba works great.


Since then we've started using it as an internet gateway also to share our cable modem connection. Internet goes in Eth1 and out Eth0 to the hub. We use the firewall to deny certain employees access to things like http and gnutella BUT still allow them to access SMTP and IM (because we use IM in the office.) Other employees who don't abuse the internet get to keep http and gnutella. BTW I use Firestarter to control the firewall.


What I want to know is there a way I can say a specific lan IP (Example: is denied a connection to Myspace.com. I don't want to block myspace.com for all employees because not ALL employees abuse the privilege of moderate internet use during breaks and lunch and such.


I would like to be able to do this WITH firestarter because I'm not so great in the CLI, but if I have to use the CLI is there a way to make that change there but still keep firestarter, or will I have to through out firestarter all together and start editing the IPTABLES by hand all the time?


Thanks in Advance!



Link to comment
Share on other sites

there are lots of free proxy or ip cloaking site out there that anyone can use to be allowed to access what they want to access, so blocking a specific IP source thou possible but still be able to bypass. On my experience, its better to setup a proxy server with squidguard, its another story though but just my suggestion. It can be administered via webmin, so you dont need to cli. try to google squid + squidguard + webmin. Then you should configure your gateway to do transparent proxy.

Link to comment
Share on other sites

I'm not sure squidguard is maintained anymore. But dansguardian works right out of the box with squid and is currently maintained.



So setup up squid in conjunction with dansguardian, and I can access that remotely vai webmin on an apache server?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...