GKChesterton
Programmer
Can a hardware firewall be administered/locked discretely, so client PC admins are unable to access it? Can the person with access lock it and walk away, leaving the client users able to do everything except tamper with the firewall settings?
I am a beginner-proficient Ubuntu Ibex user. My experience is not from the server admin side of things.
I am graduating to LAN administration. I'll oversee 3-6 computers running Ubuntu. Users must be able to administer their computers to a large degree.
Wireless LAN will connect all computers to the Internet. Internet browsing must be filtered. (I currently use DansGuardian, tinyproxy, firehol for a single PC; DansGuardian serves perfectly.) It's strictly (legally) required that no one be able to tamper with the filtering.
Each user understands OS Linux and will be learning more, but no one is extremely knowledgeable. If a solution can be considered 98% tamper-proof for non-experts, that is good enough. There's no assurance that someone won't boot their PC from an external device. It IS assured that no one will get to a different network connection.
The firewall unit will be physically locked away. THAT'S MY HEADACHE, actually. Once it's going, getting physical access is going to be inconvenient, as I'm basically one of the prisoners. So my solution needs to be reliable.
I assume that a PC must be dedicated for this purpose (that seems necessary, given discrete admin access). I don't have a lot of money for this, but I have a bare-bones PC and a hundred bucks.
So, to return to my summary at top: I want to be able to configure a firewall so the users can admin their own PCs but not roam the Net, and I need a reliable solution I won't have to fiddle with once it's going. Will an external firewall give me that? Must it be a running PC (or is there a 'black box' hardware solution)? Can anyone give me starter tips or how-to links? Does the Ubuntu repository have any good tools?
I am a beginner-proficient Ubuntu Ibex user. My experience is not from the server admin side of things.
I am graduating to LAN administration. I'll oversee 3-6 computers running Ubuntu. Users must be able to administer their computers to a large degree.
Wireless LAN will connect all computers to the Internet. Internet browsing must be filtered. (I currently use DansGuardian, tinyproxy, firehol for a single PC; DansGuardian serves perfectly.) It's strictly (legally) required that no one be able to tamper with the filtering.
Each user understands OS Linux and will be learning more, but no one is extremely knowledgeable. If a solution can be considered 98% tamper-proof for non-experts, that is good enough. There's no assurance that someone won't boot their PC from an external device. It IS assured that no one will get to a different network connection.
The firewall unit will be physically locked away. THAT'S MY HEADACHE, actually. Once it's going, getting physical access is going to be inconvenient, as I'm basically one of the prisoners. So my solution needs to be reliable.
I assume that a PC must be dedicated for this purpose (that seems necessary, given discrete admin access). I don't have a lot of money for this, but I have a bare-bones PC and a hundred bucks.
So, to return to my summary at top: I want to be able to configure a firewall so the users can admin their own PCs but not roam the Net, and I need a reliable solution I won't have to fiddle with once it's going. Will an external firewall give me that? Must it be a running PC (or is there a 'black box' hardware solution)? Can anyone give me starter tips or how-to links? Does the Ubuntu repository have any good tools?
[purple]If we knew what it was we were doing, it would not be called
research [blue]database development[/blue], would it? [tab]-- Albert Einstein[/purple]