Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: ScottieDog on June 02, 2009, 03:21:13 PM

Title: Restrict Access from Internal Network
Post by: ScottieDog on June 02, 2009, 03:21:13 PM

We use SME 7.4 as backup gateway in a Microsoft School environment. The internal IP address is of course on the same subnet as the other servers.

Some students have discovered they can manually point their browser to the SME box and get unfiltered access to the Internet.

Can somebody advise me how I can restrict only a few specific computers to be allowed access to the SME server from the internal network ?

Thanks in advance.

Title: Re: Restrict Access from Internal Network
Post by: versa on June 02, 2009, 05:27:56 PM

You could try Dansguardian and filter the connections
http://wiki.contribs.org/Dansguardian

or a search gave me this
http://forums.contribs.org/index.php/topic,33613.0.html

Title: Re: Restrict Access from Internal Network
Post by: mmccarn on June 03, 2009, 02:17:56 PM

Here are some notes on blocking outbound traffic: http://wiki.contribs.org/Firewall#Block_outgoing_ports

This method does *not* prevent access to the web or smtp proxy servers, so you would still need to address those issues.

The SMTP proxy can simply be disabled.

For the web proxy, you could install DansGuardian or you might get what you want by configuring your SME to use your regular proxy as an "upstream proxy" -- then the clever students could redirect their browsers, but they'd still be using your main proxy...

I've never used it, but you may be interested in http://wiki.contribs.org/Vnstat so you can monitor what goes through your SME.