[NTLUG:Discuss] How do you secure a LAN?

[Courtney Grimland]

On Sat, 4 Jan 2003 14:03:58 -0600
"Bob Byron" <ntlug at radit.com> wrote:

> Thank you for your suggestion.  I did review squid.
> 
> At first look, I am disinclined to use squid due to it requiring
> proxy setup for access.  I have a wide variety of systems I have to
> support and I don't know that they would all be able to use proxy
> settings.  Allowing the firewall to choose whether or not to accept
> or deny access based on the MAC allows me to turn everything on, or
> off for a user.  I also don't have to worry that the proxy server
> might be giving me problems.  I can write a webapp pretty quick to
> make the MAC/user firewall changes, and that should be all that I
> need to control my little world.

Squid, along with a simple ipchains/iptables redirect and something
like squidguard, is an easy transparent proxy.  The hosts will never
know their requests are getting intercepted.  It's fun to play
redirection tricks on unsuspecting roommates.  8^)