Arne Pelka ha scritto:
Hi,
I have two pc using centos 4, these machines need only access to the
(big, class b) local network. Because of security reasons the network
access should be restricted to this local network - mainly the users of
these pc should not be able to access webpages outside of the local
network. My problem is, that I have no own centos repository and
therefore these two pc need access to the centos mirrors to get updates.
What would be the best way to restrict the network access to the local
network and allow the access to some external addresses (a centos mirror
and maybe some other servers/websites).
I was thinking about iptables but I'm not very experienced in this
questions - maybe there is an easier way. The configuration with
iptables seems to be very complex, I was skimming through some tutorials
and the man pages.
In thanks and with best reagrds,
Arne
I would setup a box with a proxy (eg. squid) and grant full internet access
only to that box. On the other boxes either remove the default route, or block
on the router/firewall internet access.
On the proxy you can easily configure proxies for other services too (eg.
pop3/imap) and filter out traffic from/to Internet at will
(dansguardian/squidguard); on the pc's you just need to setup the proxy on
yum.conf to enable yum updates and (if needed) configure the proxy on your
browser, you email-client and so on.
I'm still on my way to figure out how to implement a simple yum cache/proxy; as
soon as I have news I'll let you know, as in that case you don't need anymore
to setup squid and the proxy box will be really trivial to setup.
Regards
Lorenzo Quatrini
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
