Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Apr 2012 10:50:59 +0200
From:      "Terrence Koeman" <terrence@mediamonks.net>
To:        "Jorge Biquez" <jbiquez@intranet.com.mx>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   RE: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
Message-ID:  <7515505cb4e9104bbe3574db313a173a@mediamonks.com>
In-Reply-To: <3416873322-176955401@intranet.com.mx>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is a multi-part message in MIME format.

------=_NextPart_000_0030_01CD17D0.FB1BEC40
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Tue, 10 Apr 2012 at 05:27:24, Jorge Biquez wrote:

> Hello all.
> 
> I am sorry if this is kind OFF Topic. I am looking for help from more
> experienced people in these areas. Please let me know if this
> question should be moved to FREEBSD-CHAT list.
> 
> As I have mentioned before I am helping a school , non profit with
> their IT issues. As always there are some "experts" that controls
> everything and do not let you change anything because is their
> kingdom. Anyway, there we have Internet service  from a cable company
> and they have some cisco routers to receive the access and from there
> some Cisco Switches.
> In the classrooms we have very old PCs running XP. In some of my
> classes I am using Freebsd and Ubuntu running on a USB. So each
> student have one USB and they work that way booting from their 4GB
> USB stick. (it is slow but it has worked until now).
> 
> One of the managers asked me for help to block some web sites were
> some students in the other lab and people that helps there waste
> bandwithd seeing videos, movies (youtube, cuevana, serieid, etc) and
> spend lot of time on facebook also. Our bandwidth is only 4Mb and you
> understand that with a few that are seeing movies and videos the rest
> of us can not work at all. Thing is that "other manager" (you know
> how those things are sometimes) do not want us to do that since his
> "guru" and expert is the one that controls all the Network. So the
> best we could get until now is that we can do "all we can" without
> touching the Cisco routers and until now not administrative password
> for change anything on the PCs (that could change one we prove that
> we can have the solution and show it to the board of people that runs
> the place).
> 
> The Internet provider gives the DNS servers to use and one of the
> routers gives the DHCP service.
> 
> First thing I thought was to change the DNS servers and use the one
> from my small office (running Freebsd 7.3) using Bind there and
> simply block there pointing the sites to nothing in the Apache
> configuration. It does not work. Once changed the DNS values the PC
> does not resolve anything. It was a quick test but that does not
> work. Not sure if Internet provider is blocking in some way that we
> can not use other DNS server but theirs.
> 
> Other solution I was thinking while coming home was to convert one
> machine there to a freebsd server and use it as a router (if they let
> me) so that way I can control from there and do filtering. Issue is
> that maybe they do not let me but connect the server as an extra
> machine without replacing the main router so in that case I would
> have 2 DHCP servers doing the same service in the same lan and could
> be conflicts I guess.
> 
> Another solution a friend suggested was to buy one small router (from my
> money for sure) and let that small router to receive the internet (RJ45)
> and from that with the small 4 port switch included to provide the
> internet to the switches to feed the labs , library and administrative
> offices. I have never use one of those and I am short on money so I
> would like to explore other alternatives before if possible.
> 
> Finally another solution would be to install in each PC a kind of
> Nanny software but only if free, otherwise is not a solution (I do
> not know of any yet but will do searching the following hours).
> 
> I know all can be solved if the "guru-expert" guy would let me have
> passwords from PC's, router, etc but that won't be an option since
> they think we would try to take the control of those services (we do
> not want that) so the burocracy could be a problem there. He have
> told them that to block is not possible (they have been working that
> way for years).
> 
> So, in this kind of schema. Do you think FreeBSD (even linux) could
> be of help if we do not have access to routers, switches and can not
> install new software on the PCs( the ones running XP)?
> 
> Any comments you have that could help me to solve this challenge?

You could ask the "guru-expert" guy to implement traffic shaping like
weighted fair queuing and prioritizing SYN's etc. That way people can watch
all the videos they want without it affecting the work of others.

You can also implement it yourself transparently with a FreeBSD box with two
adapters bridged and something like ipfw+dummynet, you'd just need to insert
it somewhere in the route (before any masquerading is performed though).

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.

------=_NextPart_000_0030_01CD17D0.FB1BEC40
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIAjCCA8ow
ggKyoAMCAQICEEUuM5TRXSsqy2M6PXNSZ3kwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAlVT
MR4wHAYDVQQLExV3d3cueHJhbXBzZWN1cml0eS5jb20xJDAiBgNVBAoTG1hSYW1wIFNlY3VyaXR5
IFNlcnZpY2VzIEluYzEtMCsGA1UEAxMkWFJhbXAgR2xvYmFsIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5MB4XDTExMDcxNjE0MDEyOVoXDTEyMDcxNjE1MTY1N1owdzEgMB4GA1UEAxQXdGVycmVuY2VA
bWVkaWFtb25rcy5uZXQxDjAMBgNVBAgTBXNtaW1lMQswCQYDVQQGEwJVUzEmMCQGCSqGSIb3DQEJ
ARYXdGVycmVuY2VAbWVkaWFtb25rcy5uZXQxDjAMBgNVBAoTBXNtaW1lMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQChRrpOuDewU94nfT8orYLjRRWCXIpT5sBcc2/xSaI00SPo6HK/G33JNyFS
1yZT/oiCZvF9EsD9cF14+ymWpoZ+14BSHJ9SD5rldKRQ7ETHEifLnM64oCp8Mh8HjzO/AvycbONu
hC/iS380VIZqddDZych9+IMtNRMO4nSBFMQ35QIDAQABo4HJMIHGMAkGA1UdEwQCMAAwHQYDVR0O
BBYEFDWoOhnIHkcHhg0ftxrYRqHL7x0xMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
BDA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnNlY3VyZXRydXN0LmNvbS9YR0NBLmNybDBC
BgNVHSAEOzA5MDcGCmCGSAGG/WQCAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3NzbC50cnVzdHdh
dmUuY29tL0NBMA0GCSqGSIb3DQEBBQUAA4IBAQCM74qzG599TkL+P5DKV9+ZnN1QzKEXSV4DEC+m
dRgBfPLKFZ3eyJoqVyfZIZswXMtvR4lZB7wGG9QDn+AZDjdJqJ84DNMma+MiifSP2unYI7pqV/5/
972/C8pvjLbiNSsMWmNMJKKfMAIEU+nLiNGfqlOj1Pz5WEz5ljgLRmivLWDAv3w/vcc9mCxTXbR1
TPhSA8UrNhlQLwy9L5dl408ILyVT4VblPbT/6TQn9pRlqtAiwkORnpadC4cH0uwK+NGnN9yarSJC
9SHPRujqNvMX61ojgXEOGhY1lyL7z2S4Jc6912Ezb9TbCT8MYlZ2ILKDwt+cpjhhONtWt35w7jDr
MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbwxggOxMIID
rQIBATCBlzCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9i
YWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEEUuM5TRXSsqy2M6PXNSZ3kwCQYFKw4DAhoFAKCC
Am8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIwNDExMDg1MDU5
WjAjBgkqhkiG9w0BCQQxFgQU1zzHvnLVb5pgUITcAmu8kcBj0hswgagGCSsGAQQBgjcQBDGBmjCB
lzCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UE
ChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkCEEUuM5TRXSsqy2M6PXNSZ3kwgaoGCyqGSIb3DQEJEAILMYGa
oIGXMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3LnhyYW1wc2VjdXJpdHkuY29tMSQwIgYD
VQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTArBgNVBAMTJFhSYW1wIEdsb2JhbCBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQIQRS4zlNFdKyrLYzo9c1JneTCBtwYJKoZIhvcNAQkPMYGp
MIGmMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCgYIKoZIhvcNAwcwCwYJYIZIAWUDBAECMA4G
CCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDAHBgUr
DgMCGjALBglghkgBZQMEAgMwCwYJYIZIAWUDBAICMAsGCWCGSAFlAwQCATAKBggqhkiG9w0CBTAN
BgkqhkiG9w0BAQEFAASBgA3CUyCdReEBR3fgfIh/i2r7DMkwwzgydwjcpDqtYUK+9bDzW7nP/Z6f
NIbthdpTXKIEhjLBi7PHgZOC5619c564KxHHjaqc+MzWFZ3pAFYP6e54OWraebIY9SXGH04YDZcR
/M87H4vZ7m9hCn6A28xq4lA+USmE7J7eSocXLYyKAAAAAAAA

------=_NextPart_000_0030_01CD17D0.FB1BEC40--




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?7515505cb4e9104bbe3574db313a173a>