Setting up a PC as a gateway

Hobart

I have to install an ADSL modem on a small network (5 PC's). As part of the install I need to set the network up in such a way that all web requests are sent via a gateway PC before they are sent onto the ADSL modem.

This PC must contain some sort of "net nanny" software or some sort of content blocking software. Does anybody know of any freeware/shareware available that will handle this? Is gateway the correct terminology to use for this type of setup? If there is no free solution, is there any trialable solution that ye might know of, so that I can see it working before comitting to it?

I won't be managing the setup, so some software with a fairly easy to use GUI would be a plus.

Thanks in advance.

Hobart.

humaxf1

"naomi" does a pretty good job at filtering "rude" words, if that's what you're looking for. It runs on each PC and can only be deactivated by a password set by whoever administers the network.

There are programs that run on PCs which act like a proxy server. I'm not too upto speed on them, but I think they have a database of words/phrases/websites that are on a blacklist. You can then add to that list to customise it.

BoB_BoT

you can use Smoothwall, it's free, has a web gui, set it up and away you go, runs on a very low end pc too. They have a commercial product too, all can be found on their site. There's also OpenDNS as it allows you to use their blacklist service, and best of all, it's free
You could use OpenDNS with Smoothwall to get a good adjustable setup.

versa

have a look at sme server or clark connect

Sme server has addon's for it and takes a bit of work to get going but is free.
Clark Connect have a free version for 10 users.

What you are looking for is a content filtering transperent proxy

allybhoy

Is there a particular reason why you have to point all the users to a pc rather than to a router/firewall then run content filtering directly from the there? The reason I ask is that unless you go down the road of restricting access to network configuration then all the user has to do is to tracert an external ping to find the local ip of your DSL and then change his local GW to your router and then he's out on the web unrestricted. I know this may sound far fetched but I have seen non IT staff do a lot more technical stuff than that in order to access non work related websites, russian proxies etc. Even the most basic of DSL routers nowadays have blacklists and category ratings that can be edited so chances are your router already has the required functions so why not stop it at source. And if for some reason that you have to point all the users to this GW pc, you can still implement the content filtering on the router and this will block all users regardless of where their local GW is pointing.

bushy...

allybhoy wrote: »

Is there a particular reason why you have to point all the users to a pc rather than to a router/firewall then run content filtering directly from the there? The reason I ask is that unless you go down the road of restricting access to network configuration then all the user has to do is to tracert an external ping to find the local ip of your DSL and then change his local GW to your router and then he's out on the web unrestricted.

Not much point in setting it up so it could be bypassed so easily unless the pcs were locked down. Its easy to do but does depend on what apps/sites etc are necessary for work related stuff.

rogue-entity

allybhoy wrote: »

Even the most basic of DSL routers nowadays have blacklists and category ratings that can be edited so chances are your router already has the required functions so why not stop it at source. And if for some reason that you have to point all the users to this GW pc, you can still implement the content filtering on the router and this will block all users regardless of where their local GW is pointing.

That may be true for "business" routers, but I've never found a DSL router that has a good content filter.

There are two ways you can set this up, to lock down the network that I can see, the second is the preferred option:

1. You configure the modem to block ALL internet access from all IP addresses, except your gateway PC. You can then install proxy-server/nanny software on the gateway PC and configure all your PC's to use the proxy to connect to the internet. All internet requests will go through the proxy/gateway, which has complete access to the internet.

2. Get a gateway PC with two network cards. Place the modem in "bridged" mode, and connect it to one network card. Connect the other network card into a switch, and use the switch to network your PCs together. The gateway PC will "dial" your DSL connection, and act as the router between the internet and your network. If you then install something like SmoothWall AND DansGuardian (there are guides on this), you can then configure the lot over a web interface.

Smoothwall itself, AFAIK, does not contain any filter software, its only a firewall, and a pretty good one at that.
SmoothGuardian is a paid-for version of SmoothWall which also incorporates the DansGuardian filter software and comes with support.

ClarkConnect, though I have not used it myself, I believe is like SmoothGuardian, and combines both a firewall, and a filtering proxy in the one distribution.

CensorNet is another system, it also has the ability to block images that match certain characteristics i.e. porn.

tech

you could install Bluecoat K9 on all pc;s very nice bit of software, I know its not a central solution

but works very well

mukki

+1 for k9

i'm convinced if a pc has a firewall,avg and k9 it will never get a virus.

PogMoThoin

You can block adult content thru opendns