From owner-freebsd-questions  Sun Jul  7 16:22:28 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BF47437B400
	for <freebsd-questions@FreeBSD.ORG>; Sun,  7 Jul 2002 16:22:26 -0700 (PDT)
Received: from out2.mx.nwbl.wi.voyager.net (out2.mx.nwbl.wi.voyager.net [169.207.3.120])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0C2A443E52
	for <freebsd-questions@FreeBSD.ORG>; Sun,  7 Jul 2002 16:22:26 -0700 (PDT)
	(envelope-from raiden@shell.core.com)
Received: from shell.core.com (shell.core.com [169.207.1.89])
	by out2.mx.nwbl.wi.voyager.net (8.12.3/8.11.4/1.7) with ESMTP id g67NMPsc017825
	for <freebsd-questions@FreeBSD.ORG>; Sun, 7 Jul 2002 18:22:25 -0500
Received: from localhost (raiden@localhost)
	by shell.core.com (8.11.6/8.11.6/1.3) with ESMTP id g67NMPh16320
	for <freebsd-questions@FreeBSD.ORG>; Sun, 7 Jul 2002 18:22:25 -0500 (CDT)
Date: Sun, 7 Jul 2002 18:22:25 -0500 (CDT)
From: Steven Lake <raiden@shell.core.com>
X-X-Sender: raiden@shell.core.com
To: freebsd-questions@FreeBSD.ORG
Subject: Proxies and limited access
Message-ID: <Pine.GSO.4.44L0.0207071730190.12903-100000@shell.core.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	HI all.  I've got one of our offsite locations that I was asked to
outfit with a proxy server friday (ok, so I'm slow getting to this) and
set it to lock down all access to the lan.

	Obviously normal for a proxy server.  But here's the catch.  This
will be inside of the normal security hardware that we have in place
currently.  What they want it to do is to block all the employees in the
office, except a select few, from having ANY access to the internet.
They'll still have VPN access to the main network, but no internet access.

	They want to block this by internal IP address, and by login.  So
if you have a qualifying IP address you will then be prompted to login to
the Proxy server in order to have net access.  If you don't have a
qualifying IP address, you're blocked outright.  Kind of double protection
to keep employees working instead of surfing.  I'm looking for a good
proxy server port that will aid me in doing this and a tutorial on how
best to set this up.  Any help is welcome.  Thanks.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message