Arne Pelka wrote:
> Hi,
>
> I have two PCs using CentOS 4; these machines need access only to the
> (big, class B) local network. For security reasons the network
> access should be restricted to this local network - mainly the users of
> these PCs should not be able to access webpages outside of the local
> network. My problem is that I have no CentOS repository of my own and
> therefore these two PCs need access to the CentOS mirrors to get updates.
> What would be the best way to restrict the network access to the local
> network and allow access to some external addresses (a CentOS mirror
> and maybe some other servers/websites)?
> I was thinking about iptables but I'm not very experienced in these
> questions - maybe there is an easier way. The configuration with
> iptables seems to be very complex; I was skimming through some tutorials
> and the man pages.
>
> In thanks and with best regards,
> Arne
>

I would set up a box with a proxy (e.g. squid) and grant full internet access only to that box. On the other boxes either remove the default route, or block internet access on the router/firewall.

On the proxy you can easily configure proxies for other services too (e.g. pop3/imap) and filter out traffic from/to the Internet at will (dansguardian/squidguard); on the PCs you just need to set up the proxy in yum.conf to enable yum updates and (if needed) configure the proxy in your browser, your email client and so on.

I'm still on my way to figure out how to implement a simple yum cache/proxy; as soon as I have news I'll let you know, as in that case you no longer need to set up squid and the proxy box will be really trivial to set up.

Regards
Lorenzo Quatrini
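
Added example (not part of the original messages): a squid.conf fragment for the proxy box described in the reply, allowing clients on the local network to reach only an allowlist of external sites. The network range, the mirror domain and the ACL names are assumptions chosen for illustration.

```conf
# squid.conf fragment for the proxy box (added example; values are placeholders)

# Port the local PCs point their proxy setting at
http_port 3128

# Clients allowed to use the proxy: the local class B network.
# 172.16.0.0/16 is a constructed value; use the real local range.
acl localnet src 172.16.0.0/16

# External destinations the PCs may reach through the proxy.
# .mirror.example.org stands in for the chosen CentOS mirror;
# list any additional permitted sites on further dstdomain lines.
acl allowed_sites dstdomain .mirror.example.org

# Restrict which ports may be requested at all
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Local clients may fetch only from the allowlisted sites
http_access allow localnet allowed_sites

# Everything else is refused, including requests from outside the LAN
http_access deny all
```

On each PC, yum is pointed at the proxy with a `proxy=http://proxy.example.lan:3128` line in the `[main]` section of yum.conf (the hostname is a placeholder). The allowlist only holds if the PCs have no other path out, which is why the reply pairs it with removing the default route or blocking at the router/firewall.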