![]() |
|
![]() | ||
|
Subject:
How to stop internet access to clients and monitor linux clients?
Category: Computers Asked by: arun_p-ga List Price: $10.00 |
Posted:
27 Aug 2005 00:52 PDT
Expires: 26 Sep 2005 00:52 PDT Question ID: 561057 |
Hi Guys, We have setup of 25 clients pc's and a server. The server isn't connected as we are yet to decide on the operating system as we have a problem. Anyhow, our network presently has 5-6 XP clients, 10 Windows 98 clients & 8 Red hat linux clients. We have a broadband connection with a netgear router connected to it for our internet needs. Now, my question is two parts: 1. We use the router as dhcp for assigning ip addresses and thereby our network is under a "Work Group". But, the problem is all pc's connected in the work group are able to browse the internet which we dont want. We want only 4-5 pc's to have full internet access while the rest be able to access mails only (this includes for windows and linux systems). So, i need to know how to configure my network / clients for restricting them to access only our pop3 server to download their specific emails. 2. Second part,we use a PC's monitoring software called "SPY PC" for keeping track as to what our staff do in all windows PC, but we are unable to get any software to do the same in linux. The new software we need should be in a position to record record keystrokes, programs they open, chat and website they visit and later it should generate a mail to be sent as report to a specific email id. We want any freeware that will work both on windows and linux. Please let us know. Cheers! Arun. |
![]() | ||
|
There is no answer at this time. |
![]() | ||
|
Subject:
Re: How to stop internet access to clients and monitor linux clients?
From: bozo99-ga on 27 Aug 2005 15:34 PDT |
Part 1. You probably want a firewall (proxy type ?) with some rules in defining what IP addresses are allowed what - and then used fixed IP addresses not varible DHCP. www.squid-cache.org has a straightforward caching proxy. If you want something a bit more stringent to protect web browsers from harm I haven't got a recommendation. You might also want some user authentication at the firewall rather than trusting theIP addresses on your network. If you have an internal mail server that could do the POP3 collections and then you wouldn't have to allow desktops to speak POP3 past the firewall. Part 2. I doubt you'll find one scheme to cover all OS versions you mention, and I don't know anything (printable!) about Windows. For linux you could use some parts (not all) of the toolset available at http://project.honeynet.org for program logging. This assumes root is not deliberately trying to subvert your logs and that if you take s/w updates (as you probably should) you are prepared to re-apply the honeynet mods to keep those linux desktops monitored. Automated log summaries by email are easy and don't require any software to speak of. |
Subject:
Re: How to stop internet access to clients and monitor linux clients?
From: arun_p-ga on 27 Aug 2005 19:19 PDT |
Hi Bozo99, Thanks for your comments, i will work on them on monday and let you if all your suggessions work. Thanks again. Arun. |
Subject:
Re: How to stop internet access to clients and monitor linux clients?
From: arun_p-ga on 07 Sep 2005 01:28 PDT |
Hi Bozo99, Sorry for the late revert. No it didn't work.. Pls let me know some other alternative.. Arun |
Subject:
Re: How to stop internet access to clients and monitor linux clients?
From: raghusoma-ga on 23 Sep 2005 21:35 PDT |
if the netgear router is used to only access the internet, then you can restrict access to outside internet to specific mac addresses. if the router is used for routing traffic within the LAN, then you need to set firewall rules and use static ip addresses as per the previous comment. netgear should be giving a web access to the router or shell access to configure the firewall. you can get the ip address of the pop3 server and set a rule allowing all ip addresses to that server on the specific ports which the pop3 clients use. for the rest of the pcs, you can give access to all servers on all ports or restrict ports to HTTP and FTP, depending on your requirements. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
Search Google Answers for |
Google Home - Answers FAQ - Terms of Service - Privacy Policy |