Cheap hardware firewall

Status
Not open for further replies.
I am looking for a cheap hardware device to act as a firewall that will prevent Internet access unless it is to the address of my proxy server. I was looking at a Netgear RP614 as a possible solution. Here is the scenario I am working with: I have 27 locations with 25 computers at each. They are for Internet only (a workgroup with addresses supplied by DHCP through a router) and the ISP is cable with a separate connection in each location. The cable company owns the router that is in each location, but we are not able to modify it. We have set up a caching proxy server on an outside address that these clients use for Internet filtering. Problem is that our users are changing the IE settings to not use the proxy. I am looking for a hardware solution that I can put between the switch that we own and their router that will do only one thing--block all Internet unless they use our proxy address. Other than that I want it to be transparent, letting their router continue to provide natting and DHCP. Does anyone have any ideas? Thanks.
 
Give the routers back to the cable co.
Install your own router and password protect it.
Now here is where it may get tricky.
You will need some way for the client not to access the modem, as all they have to do is disconnect from the router and connect right to the modem.
If their machine is set up so that they are not admin, it may be possible to set their NIC up with static, and they may not be able to access the modem at this point or reconfig the NIC card, no permissions.
On another note, I don't understand, if you are renting a router, that you don't have control over it,
or do you mean modem, and you do have access to the modem? Default is 192.168.100.1.
 
I'm not sure if I understand this correctly, but 27 locations and 25 machines each make some 700 clients? Something Cheap will definitely make your network Something Slow. You need something pretty good to cope with that traffic. Mind you, you may get away with something as simple as replacing your existing switch with a Layer-3 switch (and configuring that beast).
 
Thanks for the info. Can't dump the ISP routers, though. Also someone else suggested using a switch that would support VLAN, but I don't think that gives me what I want. The path to the Internet is through the ISP router; I just want the destination for the access to be my proxy server. I used a PIX firewall to control this in the past, and since I only want this one function, maybe an inexpensive product is available. Note that each of the 27 locations is its own workgroup with its own ISP connection. I only supply the computers and the switches for the 25 connections. So I am still in the hunt. Thanks.
 
Are you telling us that you are not allowed to make a new password in the router?
I don't believe it. Why would they do that to you?
With the money you are spending with them, that's just plain ridiculous.
The only solution I can think of is to add another router that you control,
or, as you said, a 3 layer switch that may cost more than the router.
Put them in a lock box and you're done.


Afterthought: why do you give them admin rights to the machines?
 
You only have one proxy server right? (not one at each location?)

A VPN solution would probably give you the best control. Something as simple as a Linksys BEFVP41 will allow you to block all IPs from accessing internet. You can then set up a VPN to your central network where your proxy server is and all internet access will have to go through it. The BEFVP41 will allow for password protection and remote admin, though if your remote offices are savvy they can just reset the router and access the internet (but you can give them hell for that later).

The endpoints at the central location might be able to be run through another BEFVP41. This will be rather a large saturation at the central location though as all internet traffic will go both in and out at that point.

If you have file and print servers at each location you could possibly use them as a proxy...

But maybe someone else has better ideas as I've never had to set up something with that many locations.
 
Found the solution

We have purchased a wireless Airspot G Public/Private Gateway and my boss has been playing with this. He has found a way to block access if not directed to our proxy server. While I still think it could be accomplished with a wired gateway, we will be going wireless down the road. Not sure how he set it up yet. Thanks for the posts on this issue.
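
The policy the thread asks for (a transparent device between the site switch and the ISP router that passes traffic only to the proxy) can be written as a bridge-level filter. This is an added example, not something any poster configured; it assumes a Linux box with two NICs bridged together running nftables, clients that point at the proxy by IP address, and a placeholder proxy address and port (203.0.113.10:3128).

```nftables
#!/usr/sbin/nft -f
# Added example: proxy-only filter for a transparent bridge placed
# between the site switch and the ISP router.
# Assumptions (not from the thread): the box bridges two NICs, and the
# proxy address and port below are placeholders to be replaced.

define PROXY_IP   = 203.0.113.10
define PROXY_PORT = 3128

table bridge proxy_only {
    chain forward {
        # Everything crossing the bridge is dropped unless allowed below.
        # IPv6 is not allowed anywhere, so it is dropped by this policy.
        type filter hook forward priority 0; policy drop;

        # ARP, so clients can still resolve the ISP router's MAC address.
        ether type arp accept

        # DHCP stays with the ISP router: client requests and server replies.
        ip protocol udp udp sport 68 udp dport 67 accept
        ip protocol udp udp sport 67 udp dport 68 accept

        # Clients to the proxy, and the proxy's replies back to clients.
        # Stateless on purpose, so no bridge conntrack support is needed.
        ip daddr $PROXY_IP tcp dport $PROXY_PORT accept
        ip saddr $PROXY_IP tcp sport $PROXY_PORT accept

        # Anything else is a bypass attempt or stray traffic: count all of
        # it and log a rate-limited sample before the drop policy applies.
        counter limit rate 5/minute log prefix "proxy-bypass: "
    }
}
```

DNS is deliberately not allowed: with an explicit proxy configured by IP, the proxy resolves names, so a browser switched to a direct connection fails at the first lookup and shows up in the `proxy-bypass:` log.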
 