Re: Want to Block Porn sites in school LAN
@Firebird
With regard to a) above Internet bound packets will have to pass through Untangle/other firewall if they are to be manipulated. As you have indicated in your reply, they do not, therefore they cannot be.
The solution you are trying to implement, using the network layout you have, with packet inspection and filtering is way too complex without a DPI device/software. Remember, the more complicated something gets the more difficult and costly it is to implement and eventually more points of failure.
With regard to b) and c) that's how Network Address Translation (NAT) works. Untangle, IPCop and routers in NAT mode do NAT'ing and will allow you to do exactly what you want in b) and c) above as long as you ensure all requests flow through them (i.e.) my layout a).
I'd recommend you go with layout a) with IPCop forwarding to your ISP proxy. If you decide to go with IPCop and this network layout I will be able to help you along. Post on this thread before you get started with IPCop and I will give you some pointers to getting it implemented correctly.
With Ipfire I could offer some assistance, but I may not have all the answers. With anything else, you are on your own or maybe some other members on this site will help.
Doc Holliday's suggestion would also work for you, but has to be implemented the way it is described in his post. An Asus router is not all that expensive, but I don't know your budget.
A Happy Diwali to you too and post back on this thread if you still need assistance once you get back.
@Firebird
That's where your problem is. Your network is setup such that Internet connections bypass Untangle. Also, FWIRC but I may be wrong, Untangle does not correctly use an upstream proxy and therefore will have problems if you try to place the upstream proxy between Untangle and Internet. IPCop can use upstream proxies via an addon (Advproxy).
With regard to a) above Internet bound packets will have to pass through Untangle/other firewall if they are to be manipulated. As you have indicated in your reply, they do not, therefore they cannot be.
The solution you are trying to implement, using the network layout you have, with packet inspection and filtering is way too complex without a DPI device/software. Remember, the more complicated something gets the more difficult and costly it is to implement and eventually more points of failure.
With regard to b) and c) that's how Network Address Translation (NAT) works. Untangle, IPCop and routers in NAT mode do NAT'ing and will allow you to do exactly what you want in b) and c) above as long as you ensure all requests flow through them (i.e.) my layout a).
Without a network layer firewall which can do DPI or an application layer filter that can do DPI (ipfire.org which is a fork of IPCop appears to be able to do layer 7 filtering), the answer is no.
I'd recommend you go with layout a) with IPCop forwarding to your ISP proxy. If you decide to go with IPCop and this network layout I will be able to help you along. Post on this thread before you get started with IPCop and I will give you some pointers to getting it implemented correctly.
With Ipfire I could offer some assistance, but I may not have all the answers. With anything else, you are on your own or maybe some other members on this site will help.
Doc Holliday's suggestion would also work for you, but has to be implemented the way it is described in his post. An Asus router is not all that expensive, but I don't know your budget.
A Happy Diwali to you too and post back on this thread if you still need assistance once you get back.
i have done so in my school! ! i have looked at a testpaper before the test ,..... SORRY IF THERE IS ANYONE FROM MY SCHOOL HERE
ESI MALU AUNTY HD:rofl:
hyeah: