Hi, I have a 3 computer network with 1 Linux (SuSE8.2) and 2 WinME machines hooked up to a 4 port Linksys router. Everything is working ok, I have Samba configured to share files and printers on my Linux box.

Here is what I want to do - one of the WinME machines is used by my 8 year old for surfing the Web and home assignments, I want to limit what websites she can get to. How do I do this ? Currently each machine can get to the internet via the router which is hooked directly to the cable modem. I am not sure if I should read up on DNS, DHCP, Samba or proxy to do this, or maybe there is something really simple that will acomplish this.

Can someone point me in the right direction please ?

If its just a matter of liumiting the sites she can go to, try configuring Internet explorer. You should be able to lock down on the sites she can and can not access.

Sounds like you need a program like net nanny.

I think the real direction to look into would be firewall. I don't even want to think about how many ip addresses that would be to either allow or deny.

You could try squid gaurd (http://www.squidguard.org/) . It's a webfilter similar to surf control, but free :)

Don't bother with your firewall, it would be way too difficult to configure for something as trivial as this. Netnanny is fine. Or, if you know which sites you want to let her see, in internet explorer click on Tools-Internet Options-Content tab-enable-approved sites, and enter the websites you want to let her see.

retoon, looks like the simplest solution is the best one. I will use the IE Tools-Internet Options-Content tab-enable-.. to start enabling only a few sites for now.

mtbtreker, squid gaurd seems like an intriguing possibility. I quickly browsed the web site and it looks pretty good. It appears that the 'more elegant' way would be to use this as proxy server and set up the IE browser on WinME to use a proxy server which runs on my Linux box. Hmmm... sounds complicated, but I think I will give this a try when I have time.

Has anyone set up a proxy server? Any pointers ??

AF

retoon, looks like the simplest solution is the best one. I will use the IE Tools-Internet Options-Content tab-enable-.. to start enabling only a few sites for now.

mtbtreker, squid gaurd seems like an intriguing possibility. I quickly browsed the web site and it looks pretty good. It appears that the 'more elegant' way would be to use this as proxy server and set up the IE browser on WinME to use a proxy server which runs on my Linux box. Hmmm... sounds complicated, but I think I will give this a try when I have time.

Has anyone set up a proxy server? Any pointers ??

AF

Mandrakes MNF makes it a fairly simple process, and there is decent documentation on Mandrake's website. Hopefully you do not have comcast for your ISP. I have yet to get a MNF box to work with there DHCP servers, but a plain MDK box setup as a firewall/proxy with DHCP for external network works just fine. I have setup MNF successfully on a static IP with a different ISP. Shorewall, squid/squid gaurd, dhcp and several others are standard features.

Odds on I'll guess you already have the Squid cache available on your Linux machine even if it isn't running/configured. It's then a fairly easy step to get something like SquidGuard running though I haven't done this bit personally. Squid itself is easy and only needs handful of config file lines to be changed. This also has the added benefit of speeding up the web page loading times especially for stuff like flash/shockwave content.

It's not 100% designed for a home cache, but I have a squid cache How To at the URL in my sig. I think the only thing you'd not need to do was add an upstream proxy, and you may also want to manually add your ISP's nameservers to your /etc/resolve.conf file otherwise you'll need to restart squid each time you connect to the net.

Once you get squid running, you can then look at SquidGuard which is basically a redirector: if someone requests a 'banned' webpage SquidGuard pretends to happily serve the page but serves a banned message instead of the true page.

Once you've got Squid configured and running under Linux, it's a simple change in IE in Tools > Options > Connections > Lan Settings and point IE to the IP/hostname of your Linux PC and the relevant port for Squid: usually 3128. If you run a webserver for your LAN, you can add the IP of your Linux PC to the 'bypass' list and it should work fine....

Good luck,

nry

Success, I have got squid configured and running as a proxy server. It took a few tries to get everything working. :)

I also have squidGuard working, but have not figured out how to configure it to block all naughty web sites for my kids WinME machine. Still working on it, but the end is in sight.

congrats