From owner-freebsd-questions@FreeBSD.ORG Tue Apr 10 03:28:23 2012 Return-Path: Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 16DDE106566C for ; Tue, 10 Apr 2012 03:28:23 +0000 (UTC) (envelope-from jbiquez@intranet.com.mx) Received: from intranet.com.mx (intranet.com.mx [200.33.246.7]) by mx1.freebsd.org (Postfix) with ESMTP id CE6CC8FC0A for ; Tue, 10 Apr 2012 03:28:22 +0000 (UTC) Received: from PC2.intranet.com.mx (189.191.40.153) by intranet.com.mx with ESMTP (EIMS X 3.3.9) for ; Mon, 9 Apr 2012 22:28:29 -0500 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 X-Priority: 1 (Highest) Date: Mon, 09 Apr 2012 22:27:24 -0500 To: freebsd-questions@FreeBSD.org From: Jorge Biquez Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-ID: <3416873322-176955401@intranet.com.mx> Cc: Subject: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2012 03:28:23 -0000 Hello all. I am sorry if this is kind OFF Topic. I am looking for help from more experienced people in these areas. Please let me know if this question should be moved to FREEBSD-CHAT list. As I have mentioned before I am helping a school , non profit with their IT issues. As always there are some "experts" that controls everything and do not let you change anything because is their kingdom. Anyway, there we have Internet service from a cable company and they have some cisco routers to receive the access and from there some Cisco Switches. In the classrooms we have very old PCs running XP. In some of my classes I am using Freebsd and Ubuntu running on a USB. So each student have one USB and they work that way booting from their 4GB USB stick. (it is slow but it has worked until now). One of the managers asked me for help to block some web sites were some students in the other lab and people that helps there waste bandwithd seeing videos, movies (youtube, cuevana, serieid, etc) and spend lot of time on facebook also. Our bandwidth is only 4Mb and you understand that with a few that are seeing movies and videos the rest of us can not work at all. Thing is that "other manager" (you know how those things are sometimes) do not want us to do that since his "guru" and expert is the one that controls all the Network. So the best we could get until now is that we can do "all we can" without touching the Cisco routers and until now not administrative password for change anything on the PCs (that could change one we prove that we can have the solution and show it to the board of people that runs the place). The Internet provider gives the DNS servers to use and one of the routers gives the DHCP service. First thing I thought was to change the DNS servers and use the one from my small office (running Freebsd 7.3) using Bind there and simply block there pointing the sites to nothing in the Apache configuration. It does not work. Once changed the DNS values the PC does not resolve anything. It was a quick test but that does not work. Not sure if Internet provider is blocking in some way that we can not use other DNS server but theirs. Other solution I was thinking while coming home was to convert one machine there to a freebsd server and use it as a router (if they let me) so that way I can control from there and do filtering. Issue is that maybe they do not let me but connect the server as an extra machine without replacing the main router so in that case I would have 2 DHCP servers doing the same service in the same lan and could be conflicts I guess. Another solution a friend suggested was to buy one small router (from my money for sure) and let that small router to receive the internet (RJ45) and from that with the small 4 port switch included to provide the internet to the switches to feed the labs , library and administrative offices. I have never use one of those and I am short on money so I would like to explore other alternatives before if possible. Finally another solution would be to install in each PC a kind of Nanny software but only if free, otherwise is not a solution (I do not know of any yet but will do searching the following hours). I know all can be solved if the "guru-expert" guy would let me have passwords from PC's, router, etc but that won't be an option since they think we would try to take the control of those services (we do not want that) so the burocracy could be a problem there. He have told them that to block is not possible (they have been working that way for years). So, in this kind of schema. Do you think FreeBSD (even linux) could be of help if we do not have access to routers, switches and can not install new software on the PCs( the ones running XP)? Any comments you have that could help me to solve this challenge? Thanks in advance for your time and comments. Jorge Biquez