[CentOS] [OT maybe] netcafe firewall

Mon Mar 20 15:43:36 UTC 2006
Alexandru E. Ungur <alexandru at globalterrasoft.ro>

>>> sender: "Craig White" date: "Mon, Mar 20, 2006 at 07:50:24AM -0700" <<<EOQ
> On Mon, 2006-03-20 at 13:33 +0200, Alexandru E. Ungur wrote:
> > Hi all,
> > 
> > I apologise in advance if this is a little OT, but I am building 
> > a box that will serve as firewall and router for a small 'internet
> > cafe / netcafe' and am using CentOS...
> > 
> > So here it is:
> > What are the best tools to be used for keeping the potential
> > script kiddies from 'harming the Internet' :) ? I specifically want 
> > to be able to detect and prevent portscans from LAN to Internet, and
> > any other malware activity the clients might think of.
> > 
> > I am particularly interested in 'the CentOS way'. For example I
> > know there is a psd module in patch-o-matic for iptables to be able
> > to do the portscan detection in the firewall... but that doesn't
> > feel like 'the CentOS way' (because I have to build a custom kernel) 
> > unless there is some kernel (even 3rd party, unsupported/etc.) that 
> > already has this in...
> > 
> > Also I know of the portsentry tool, but the project seems pretty much
> > dead after Cisco bought Psionic... and again it is not on up2date's list...
> > 
> > I intend to use Snort, though I hope that it won't share portsentry's
> > fate and become extinct after Check Point's acquisition of Sourcefire
> > will be completed. No FUD intended on this, optimistic views are always
> > highly welcomed :)
> > 
> > Luckily denyhosts has no plans of selling itself to anyone so that's
> > one project I can safely use :)
> > 
> > So, Open Source portscanner for CentOS... anyone... ? :)
> > 
> > 
> > Thank you for your time and help,
> ----
> why not just use a proxy server like squid?
Thank you for the suggestion. Yep, Squid/Oops + Dansguardian is a very good 
idea and I'll probably use it.

However, how can that stop a kid from downloading the latest/coolest 'hacking
script' and start doing portscans & co. ? I don't want to limit what they
can access via web, but to limit what they can 'do to the Internet' from their
Windows boxes through the gateway I am setting up.
I just don't like having anybody messing with my FORWARD chains, that's all ;)

Thanks again,
Alex
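As an added example (not from this thread, nor from any of the tools it names): one stock-kernel alternative to the psd patch is to have the FORWARD chain LOG every new outbound connection from the LAN and then flag any LAN host that opens many distinct destinations in a short window. The "FWD-NEW:" log prefix, the interface names and the log lines below are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed LOG rule on the gateway (not from the thread), e.g.:
#   iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW \
#            -j LOG --log-prefix "FWD-NEW: "
# The fields below are the ones the iptables LOG target writes to the kernel log.
LOG_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ kernel: FWD-NEW: .*?"
    r"SRC=(\S+) DST=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)"
)

def parse_line(line):
    """Return (seconds_of_day, src, dst, proto, dport), or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    hh, mm, ss, src, dst, proto, dport = m.groups()
    return (int(hh) * 3600 + int(mm) * 60 + int(ss), src, dst, proto, int(dport))

def find_scanners(lines, window=60, threshold=10):
    """For each LAN source, find the largest number of distinct (dst, proto, port)
    targets it opened within any `window` seconds; return sources at or above
    `threshold`. Timestamps are seconds of day, so feed it one day's log."""
    records = sorted(r for r in map(parse_line, lines) if r is not None)
    recent = defaultdict(deque)      # src -> (ts, target) pairs inside the window
    peak = defaultdict(int)
    for ts, src, dst, proto, dport in records:
        q = recent[src]
        q.append((ts, (dst, proto, dport)))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len({t for _, t in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

# Constructed sample (not a real capture): 192.168.1.23 walks twelve ports on
# one host within seconds; 192.168.1.40 just opens two ordinary connections.
SAMPLE_LOG = [
    "Mar 20 15:40:%02d gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.23 "
    "DST=203.0.113.10 LEN=48 PROTO=TCP SPT=%d DPT=%d" % (i, 1030 + i, port)
    for i, port in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389))
] + [
    "Mar 20 15:40:03 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.40 "
    "DST=198.51.100.5 LEN=48 PROTO=TCP SPT=1100 DPT=80",
    "Mar 20 15:40:09 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.40 "
    "DST=198.51.100.5 LEN=48 PROTO=TCP SPT=1101 DPT=443",
    "Mar 20 15:40:11 gw kernel: unrelated message",
]

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print("possible scan from %s: %d distinct targets in 60s" % (src, n))
```

In practice you would tail /var/log/messages into it and feed the flagged source into an iptables DROP rule or a Snort/portsentry-style alert; the threshold and window need tuning so that a browser opening several sites is not flagged.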