Peter What is the OS / browser are they running? Its more specific then just "an account on one machine". I take it other accounts need full access too.
Chris I run squid on my home lan to block adverts / see the URLs the kiddies visit. The server is also my media server and (when I get around to it) my SIP server too.
Subject: Re: [ALUG] blocking net but not lan on one pc
On Fri, Mar 28, 2008 at 01:12:44PM +0000, mbm wrote:
On Fri, 28 Mar 2008 13:05:01 +0000 Chris G cl@isbd.net allegedly wrote:
On Fri, Mar 28, 2008 at 12:55:27PM +0000, mbm wrote:
This leaves the proxy or firewall as the place to enforce the deny policy on the client(s) in question.
... but surely (at least on a small setup) it's *far* easier to do the settings all in one place (the router) rather than configuring each PC.
I'm thinking here of a small LAN (like a small office or SoHo LAN) where users may well have full (i.e. admin) access to their own PCs. The 'secure' place to configure their access to the outside world is on the firewall (be it a router or separate box) between them and the outside world.
Ummm - that's what I said.
... and it's what I thought I originally said too! :-)
The router denys all oubound access except from one point - the proxy.
None of the places I know about have a proxy as such. It's surely not normal to have one on a small home/SoHo LAN, you just tell all systems (probably automatically) what their default route is and that's it.
We don't have one at work either.