On Saturday 07 May 2011 12:41:55 Ian Grody wrote:
> If you have a relatively powerful spare PC, use pfSense.
By this, I use a P3 533MHz w/ runs snort and av proxy fine. This box handles 34
users at any one time too! :-)
> This has AV proxy,
> Snort w/ ET THREATS & standard rules (VPS if you pay snort for them). It
> also supports a wealth of other things not found in SOHO routers, or
> router distros.
>
> You can easily firewall, segregate, bridge or whatever into his own little
> portion of the network. Protect his PC w/ snort and squid w/ clamav etc.
>
> Best of all, its free! http://www.pfsense.org
>
> On Saturday 07 May 2011 09:49:29 Rob Malpass wrote:
> > Hi all
> >
> >
> >
> > Moving house shortly which means, for the first time, I have to have my
> > father in law on my network. Now while he's no hacker, he is fond of
> > fiddling and has managed to crash his (Windows) machine so badly over the
> > years that nothing short of a full reinstall has fixed it. His fiddling
> > ranges from downloading patches for stuff he's never thought of using, to
> > coverdisks with offers of games if you include enough adware that "checks
> > for updates" every time it starts up. I'm sure you get the picture!
> >
> >
> >
> > So he's now going to be part of my LAN. Previously, we have had the
> > luxury of two broadband connections: one cable, one ADSL and I had
> > thought of putting him on a separate router and let that be that. At
> > the new place though, while there are two lines, it seems pointless to
> > pay for another ADSL connection just to keep him isolated.
> >
> >
> >
> > What I want is to keep him isolated so he can't even see any network
> > devices, printers - just let him share the connection. I'm thinking:
> >
> > 1) He runs Kapersky so presumably I could tweak this to allow him only
> > access to IP addresses with outbound traffic outside my LAN's range.
> >
> > 2) Setup some sort of rule on the router - not sure how to do this.
> >
> > 3) IPCop is probably the most detailed solution -but again not sure.
> >
> >
> >
> > Is there an obvious solution out there. I don't want to buy netnanny or
> > something like that for him - far too obvious and condescending but I am
> > really worried. I don't want to software firewall the rest of the
> > family's machines so tightly that they become restricted.
> >
> >
> >
> > Cheers
> >
> > Rob
>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
> LUG URL: http://www.hantslug.org.uk
> --------------------------------------------------------------
