Control/Restrict network traffic

Status
Not open for further replies.

UnknownPerson

Programmer
Dec 4, 2001
80
BR
I heard that in the 2.4 Kernel we have the ability to control the network traffic with more precision.

I work at a school where we have about 25 computers which constantly get infected by the "background" processors found in some trojans which take 99% of our CPU time (according to Task Manager {Win2k}). We have a Linux server that routes data out to the world.

I want to have more control over what kind of traffic is passable by our server, to say, only http ports and the like, limit the bandwidth usage (this would be fantastic!) and have more power of control over our network.

If anyone has experience or knows how to do this, please give me a hint.
 
In your case, you probably want to not forward anything. If you only need http (80) traffic, go install Squid. It's an HTTP caching server that runs on all variants of *nix.

If you do want to continue using iptables, I'd suggest a program called "ipmenu". I'm not sure where you get it, as Debian has it on their servers (just apt-get install ipmenu).
Great console-based menu for selecting routing/tables.

 
Squid seems to be what you're looking for. I have approximately 250 computers here. I installed Squid as the proxy and at the router (another Linux box with 2 NICs) I blocked all traffic except the proxy (I did have to install a caching-only DNS server on the same box Squid was on for ease of use).

Now unless it goes through the proxy the computer will be unable to talk to the outside world.

As for bandwidth limitations, you can control bandwidth many different ways with Squid. For example, my machine has unlimited bandwidth while everyone else has a lot less (slow bandwidth stops people from downloading junk. Who wants to wait an hour for a file?)

 
Well, for web traffic then Squid would do, but I also need people to be able to use ICQ software and other special TCP/IP "file server" software (I could say the name but I could get kicked from Tek-Tips.com if I say the program's name :)

Can those also be supported by Squid? What kind of proxy is Squid capable of? (SOCKSx, or only Web?)

Thanks for all the answers!
 
If you're referring to trojans, just say the name. Nobody's going to kick you for saying it.

In fact, I see a Back Orifice installation to be as safe, if not safer, than installing pcAnywhere. In terms of commandline-like control, BO is your answer. I also use VNCserver if I need access to the GUI (rarely). And of course, I try to have it tunneled through ssh.

Point is, you need to know the port number of the trojan you use in order to allow traffic to pass through your gateway.

 
No no no....

I wasn't referring to Back Orifice or other trojans. I hate trojans. I was referring to the one and only Kazaa. Actually, we need to allow Kazaa for a few machines, but it has some cpu-robbing-trojans itself that I just want to clear out.

I wasn't referring to Back Orifice. Is it still in use?
 
I'd suggest using iptables and blocking all but specified ports: 80, 443, etc.

You can also use Squid, which might be good for a school as it allows some content control as well. I have a SQL database of URL phrases which gets pushed out to the Squid servers daily for this purpose. Iptables can then force all outbound web traffic to go through Squid to enforce this.
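
Added example, not part of the thread: the setup described in the replies above (the router forwards only the proxy box's traffic on a short list of ports, plus DNS for its caching resolver), written as a generator for an `iptables-restore` ruleset. The interface names, the proxy address 192.168.1.10 and the port list are assumptions, and only the FORWARD chain is tightened here.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a gateway that
# forwards traffic from the Squid/DNS box only. Every value passed in
# (eth1, eth0, 192.168.1.10, the ports) is an assumed sample value.

# gen_rules LAN_IF WAN_IF PROXY_IP "TCP_PORTS"
# Prints the ruleset on stdout; returns 1 (printing nothing) on bad input.
gen_rules() {
    lan_if=$1; wan_if=$2; proxy_ip=$3; tcp_ports=$4

    # Shape check: one dotted-quad host, so a stray /24 or hostname cannot
    # silently widen the exception to the whole LAN.
    printf '%s\n' "$proxy_ip" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    [ -n "$tcp_ports" ] || return 1
    for p in $tcp_ports; do
        case $p in *[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'      # default deny for routed traffic
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to connections that were allowed out
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Only the proxy host may open outbound connections, on listed ports
    for p in $tcp_ports; do
        echo "-A FORWARD -i $lan_if -o $wan_if -s $proxy_ip -p tcp --dport $p -j ACCEPT"
    done
    # Upstream lookups for the caching DNS server on the proxy box
    for proto in udp tcp; do
        echo "-A FORWARD -i $lan_if -o $wan_if -s $proxy_ip -p $proto --dport 53 -j ACCEPT"
    done
    # Rate-limited log of what the policy drops: shows which workstations
    # are trying to reach the outside directly
    echo "-A FORWARD -i $lan_if -m limit --limit 6/min -j LOG --log-prefix \"fwd-denied: \""
    echo 'COMMIT'
}

# Print the ruleset for review. To have iptables parse it without
# committing it (as root):
#   gen_rules eth1 eth0 192.168.1.10 "80 443" | iptables-restore --test
gen_rules eth1 eth0 192.168.1.10 "80 443"
```

Workstations whose direct connections show up under the `fwd-denied: ` prefix in the kernel log are the first ones to check for unwanted background software.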

 