If you have a relatively powerful spare PC, use pfSense. This has AV proxy,
Snort w/ ET THREATS & standard rules (VPS if you pay snort for them). It also
supports a wealth of other things not found in SOHO routers, or router
distros.
You can easily firewall, segregate, bridge or whatever into his own little
portion of the network. Protect his PC w/ snort and squid w/ clamav etc.
Best of all, its free!
http://www.pfsense.org
On Saturday 07 May 2011 09:49:29 Rob Malpass wrote:
> Hi all
>
>
>
> Moving house shortly which means, for the first time, I have to have my
> father in law on my network. Now while he's no hacker, he is fond of
> fiddling and has managed to crash his (Windows) machine so badly over the
> years that nothing short of a full reinstall has fixed it. His fiddling
> ranges from downloading patches for stuff he's never thought of using, to
> coverdisks with offers of games if you include enough adware that "checks
> for updates" every time it starts up. I'm sure you get the picture!
>
>
>
> So he's now going to be part of my LAN. Previously, we have had the
> luxury of two broadband connections: one cable, one ADSL and I had thought
> of putting him on a separate router and let that be that. At the new
> place though, while there are two lines, it seems pointless to pay for
> another ADSL connection just to keep him isolated.
>
>
>
> What I want is to keep him isolated so he can't even see any network
> devices, printers - just let him share the connection. I'm thinking:
>
> 1) He runs Kapersky so presumably I could tweak this to allow him only
> access to IP addresses with outbound traffic outside my LAN's range.
>
> 2) Setup some sort of rule on the router - not sure how to do this.
>
> 3) IPCop is probably the most detailed solution -but again not sure.
>
>
>
> Is there an obvious solution out there. I don't want to buy netnanny or
> something like that for him - far too obvious and condescending but I am
> really worried. I don't want to software firewall the rest of the
> family's machines so tightly that they become restricted.
>
>
>
> Cheers
>
> Rob
