Topic: Can I do that with e-smith ?

[Patrick F.Ducharme]

Hi,

I want to do this kind of setup :

Internet Cable access --> Linksys Router --> 1st NIC of E-smith box (192.x.x.x). 2nd NIC of E-Smith box --> a Hub (10.x.x.x).  Other computers on this hub with a 10.x.x.x IP adress.

I want to block everything (FTP, SSH, Telnet, MSN... All !) but HTTP and only *.gc.ca (Gouvernement sites) Web site.  I want that SME act as a Proxy and block everything, also, I think it have to be a NAT gateway, to translate 10.x.x.x --> 192.x.x.x and the Linksys Router will have a static route to 10.x.x.x network.

Thank you for your repplies.  Just give me some advises... Maybe another distro will be more appropriate.

Patrick F. Ducharme

[Luke Drumm]

The bulk of it is fairly standard stuff. I don't see any reason why SME couldn't be the distro for you.

Regards,
Luke

[Bill Talcott]

Is there a specific reason you want to use the Linksys and two different private networks (router <-> e-smith and e-smith <-> clients)? The e-smith on its own should be able to do anything the Linksys can...

[Patrick Fortin-Ducharme]

Hi Bill,

Yes, I have reasons to use 2 private networks.  It's because I don't have the control of the Linksys router.  It's for a kiosk in a public place, and the Internet access is provided and shared by a linksys router control by someone else.  So, for controlling access to specific web site, all kiosk have to use their own setup.  It's the reason for my wish to use E-Smith as a proxy server that control everything.

Pat


Bill Talcott wrote:
>
> Is there a specific reason you want to use the Linksys and
> two different private networks (router <-> e-smith and
> e-smith <-> clients)? The e-smith on its own should be able
> to do anything the Linksys can...

[Todd Pearsall]

SME rocks and you could it, but I'm not sure it's the best solution if all you want is a router.  I would suggest a router-only product, two of my favorites are:

- http://leaf.sourceforge.net
For a floppy disk distro, but requires some Linux/router knowledge

- http://www.smoothwall.org
Requires a small HD (~500MB), but is web-based and easier to configure

Either will run on a 486 just fine, but may require some tweaking of the firewall rules because they probably block private IPs on the external interface by default.  

I like LEAF better due to no HD so there is one less thing to fail.  It can also be used with CompactFlash cards and CDs instead of floppies.

- Todd

[Patrick Fortin-Ducharme]

I want a router AND a proxy that controll every website, to ensure that only *.gc.ca will be avalaible.  And I want a Transproxy, to ensure that anyone can't just remove the "use a proxy" in IE settings... Also, i want to block every protocol but http.

Does one of your suggestion can do that ?


Todd Pearsall wrote:
>
> SME rocks and you could it, but I'm not sure it's the best
> solution if all you want is a router.  I would suggest a
> router-only product, two of my favorites are:
>
> - http://leaf.sourceforge.net
> For a floppy disk distro, but requires some Linux/router
> knowledge
>
> - http://www.smoothwall.org
> Requires a small HD (~500MB), but is web-based and easier to
> configure
>
> Either will run on a 486 just fine, but may require some
> tweaking of the firewall rules because they probably block
> private IPs on the external interface by default.
>
> I like LEAF better due to no HD so there is one less thing to
> fail.  It can also be used with CompactFlash cards and CDs
> instead of floppies.
>
> - Todd

[Lazo]

You have to configure squid, squidguard, and ipchanes so you can do all that you want!!

[Todd Pearsall]

Both should be able to do what you want, but squid is not standard on the LEAF distros, so you would need to track it down.

Smoothwall does run squid so blocking should be pretty easy to do, I'm not sure if you can configure that thru the web or not.  I haven't used it in a couple versions.

I'd throw it on a test box and check it out.


Patrick Fortin-Ducharme wrote:
>
> I want a router AND a proxy that controll every website, to
> ensure that only *.gc.ca will be avalaible.  And I want a
> Transproxy, to ensure that anyone can't just remove the "use
> a proxy" in IE settings... Also, i want to block every
> protocol but http.
>
> Does one of your suggestion can do that ?

[Rob Wellesley]

Patrick F.Ducharme wrote:
>
> Hi,
>
> I want to do this kind of setup :
>
> Internet Cable access --> Linksys Router --> 1st NIC of
> E-smith box (192.x.x.x). 2nd NIC of E-Smith box --> a Hub
> (10.x.x.x).  Other computers on this hub with a 10.x.x.x IP
> adress.
>
> I want to block everything (FTP, SSH, Telnet, MSN... All !)
> but HTTP and only *.gc.ca (Gouvernement sites) Web site.

By default the only public service running is web and mail. Switch off mail.

> want that SME act as a Proxy and block everything, also, I
> think it have to be a NAT gateway, to translate 10.x.x.x -->
> 192.x.x.x

It will do this out of the box

and the Linksys Router will have a static route to
> 10.x.x.x network.

just get a route to the 1st NIC on the SME. SME will NAT the rest

> Thank you for your repplies.  Just give me some advises...
> Maybe another distro will be more appropriate.

SME will be perfect for you. check out the contrib areas under documentation on the home page for more help.

rob

[Patrick Fortin-Ducharme]

For the clients computer... I want that client cannot go on any FTP site on the internet, any HTTP site or that they cannot use MSN and Instant messaging like that.  

> > I want to block everything (FTP, SSH, Telnet, MSN... All !)
> > but HTTP and only *.gc.ca (Gouvernement sites) Web site.
>
> By default the only public service running is web and mail.
> Switch off mail.
>

[Rob]

Patrick Fortin-Ducharme wrote:
>
>
> > > I want to block everything (FTP, SSH, Telnet, MSN... All !)
> > > but HTTP and only *.gc.ca (Gouvernement sites) Web site.
> >

http://www.myezserver.com/downloads/mitel/contrib/service-control-0.0.1/

[Craig Bursey]

Patrick,

You mention in one of your e-mails that it's in a kiosk setup.  Do you mean you are trying to setup individual kiosk booths using SME or is this a public area with multiple PC's that you want SME to control the Internet access for?

Craig