Google Answers Logo
View Question
 
Q: How to stop internet access to clients and monitor linux clients? ( No Answer,   4 Comments )
Question  
Subject: How to stop internet access to clients and monitor linux clients?
Category: Computers
Asked by: arun_p-ga
List Price: $10.00
Posted: 27 Aug 2005 00:52 PDT
Expires: 26 Sep 2005 00:52 PDT
Question ID: 561057
Hi Guys,

We have setup of 25 clients pc's and a server. The server isn't
connected as we are yet to decide on the operating system as we have a
problem. Anyhow, our network presently has 5-6 XP clients, 10 Windows
98 clients & 8 Red hat linux clients. We have a broadband connection
with a netgear router connected to it for our internet needs.

Now, my question is two parts:

1. We use the router as dhcp for assigning ip addresses and thereby
our network is under a "Work Group". But, the problem is all pc's
connected in the work group are able to browse the internet which we
dont want. We want only 4-5 pc's to have full internet access while
the rest be able to access mails only (this includes for windows and
linux systems). So, i need to know how to configure my network /
clients for restricting them to access only our pop3 server to
download their specific emails.

2. Second part,we use a PC's monitoring software called "SPY PC" for
keeping track as to what our staff do in all windows PC, but we are
unable to get any software to do the same in linux. The new software
we need should be in a position to record record keystrokes, programs
they open, chat and website they visit and later it should generate a
mail to be sent as report to a specific email id. We want any freeware
that will work both on windows and linux.

Please let us know.

Cheers!
Arun.
Answer  
There is no answer at this time.

Comments  
Subject: Re: How to stop internet access to clients and monitor linux clients?
From: bozo99-ga on 27 Aug 2005 15:34 PDT
 
Part 1.
You probably want a firewall (proxy type ?) with some rules in
defining what IP addresses are allowed what - and then used fixed IP
addresses not varible DHCP.
www.squid-cache.org has a straightforward caching proxy.  If you want
something a bit more stringent to protect web browsers from harm I
haven't got a recommendation.

You might also want some user authentication at the firewall rather
than trusting theIP addresses on your network.

If you have an internal mail server that could do the POP3 collections
and then you wouldn't have to allow desktops to speak POP3 past the
firewall.


Part 2.
I doubt you'll find one scheme to cover all OS versions you mention, and I don't
know anything (printable!) about Windows.

For linux you could use some parts (not all) of the toolset available
at http://project.honeynet.org for program logging.  This assumes root
is not deliberately trying to subvert your logs and that if you take
s/w updates
(as you probably should) you are prepared to re-apply the honeynet mods to
keep those linux desktops monitored.

Automated log summaries by email are easy and don't require any
software to speak of.
Subject: Re: How to stop internet access to clients and monitor linux clients?
From: arun_p-ga on 27 Aug 2005 19:19 PDT
 
Hi Bozo99,

Thanks for your comments, i will work on them on monday and let you if
all your suggessions work. Thanks again.

Arun.
Subject: Re: How to stop internet access to clients and monitor linux clients?
From: arun_p-ga on 07 Sep 2005 01:28 PDT
 
Hi Bozo99,

Sorry for the late revert. No it didn't work.. Pls let me know some
other alternative..

Arun
Subject: Re: How to stop internet access to clients and monitor linux clients?
From: raghusoma-ga on 23 Sep 2005 21:35 PDT
 
if the netgear router is used to only access the internet, then you
can restrict access to outside internet to specific mac addresses.

if the router is used for routing traffic within the LAN, then you
need to set firewall rules and use static ip addresses as per the
previous comment. netgear should be giving a web access to the router
or shell access to configure the firewall. you can get the ip address
of the pop3 server and set a rule allowing all ip addresses to that
server on the specific ports which the pop3 clients use.  for the rest
of the pcs, you can give access to all servers on all ports or
restrict ports to HTTP and FTP, depending on your requirements.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy