[CentOS] restrict network access
lists at arnepelka.de
Sat Oct 20 09:05:24 UTC 2007
Lorenzo Quatrini schrieb:
> I would setup a box with a proxy (eg. squid) and grant full internet
> access only to that box. On the other boxes either remove the default
> route, or block on the router/firewall internet access.
> On the proxy you can easily configure proxies for other services too
> (eg. pop3/imap) and filter out traffic from/to Internet at will
> (dansguardian/squidguard); on the pc's you just need to setup the proxy
> on yum.conf to enable yum updates and (if needed) configure the proxy on
> your browser, you email-client and so on.
> I'm still on my way to figure out how to implement a simple yum
> cache/proxy; as soon as I have news I'll let you know, as in that case
> you don't need anymore to setup squid and the proxy box will be really
> trivial to setup.
Thanks for your response, I'm trying to avoid to use a third machine
(proxy or own repository) for my two machines - this would be too much
effort. Both PC are in a university network, I will try to find out if
there is already a proxy I can use.
More information about the CentOS