Internet access control without squid

Question

I intend to configure a server as a gateway.

I'll use it to manage network users, as well as share the internet connection for this network.

I will not share the Internet with squid, but I still wanted to be able to establish rules of access, such as sites that can not be accessed.

How can I do this without using squid?

Important note:

I consider squid an excellent software. My problem is not with the squid in particular, but with any kind of proxy, because I have clients that use a series of programs that simply can not access the Internet via proxy.

Rather to score my question negatively, you could put your points of view, and you might understand that this is a case study.

I have seen many programs that do not support proxy simply can not access the internet. — Paulo Coghi, Aug 29 '11 at 18:46

score 2 · Answer 1 · edited Aug 29 '11 at 18:44

2

If you are not going to use that machine for any purpose, I would suggest you to install a firewall distro like untangle, which will provide you more control & customization.

Check Wikipedia for a complete list and choose the one which comply with your requirements.

edited Aug 29 '11 at 18:44

Ben Pilbrow

11,995
5
35
57

answered Aug 29 '11 at 18:43

SparX

1,924
12
10

please don't "sign" your posts as you have been doing. If you haven't already, please check out [the FAQ section](http://serverfault.com/faq#signatures) on the subject. – Ben Pilbrow Aug 29 '11 at 18:46

score 2 · Accepted Answer · answered Aug 29 '11 at 18:50

You can use some other proxy server if you have a particular bent against squid. However, if the only limitation you have is that you use software which accesses resources via HTTP but doesn't support the explicit configuration of a proxy (which means it's stupid software, but whatever) then you can use Squid in transparent mode. It doesn't allow you some of the cool features of squid (such as proxy authentication), but it still gives you the ability to filter the websites that can be visited, and with a non-technical userbase and statically-assigned IP addresses, you can still do some measure of per-user filtering and access logging.

Then, the transparent proxy allows applications that do not support proxy access the internet normally. Is that right? — Paulo Coghi, Aug 29 '11 at 19:07

score 1 · Answer 3 · answered Aug 29 '11 at 19:18

You can check out http://www.opendns.com/

I use it in a bar for restricting public wifi access. Using firewall I blocked local network to use any other DNS service but the local DNS one; and local DNS is just forwarder for OpenDNS.

Via OpenDNS web you can specify groups of sites you want to block, or specify per domain which things should be blocked. Definitely not a bullet proof solution but a simple and easy to deploy that will serve well in most environments when you need quick and easy to maintain solution.

Internet access control without squid

3 Answers3