Ok, so we got a OpenSuse server, setup which is used as a file storage and dhcp / dns for the production computers, I just had a request from the management to look at blocking internet on these production pc’s during particular times (ie allow it at break periods). I don’t have much experience of OpenSuse and it’s been there and worked (so left it alone, and more headaches with the Office Windows systems). So any one got any suggestions on a way of managing the internet traffic bar during particular periods of the day, either point me in right direction or a howto guide for it.
On 2012-05-01 15:56, Enazel wrote:
>
> Ok, so we got a OpenSuse server, setup which is used as a file storage
> and dhcp / dns for the production computers, I just had a request from
> the management to look at blocking internet on these production pc’s
> during particular times (ie allow it at break periods). I don’t have
> much experience of OpenSuse and it’s been there and worked (so left it
> alone, and more headaches with the Office Windows systems). So any one
> got any suggestions on a way of managing the internet traffic bar during
> particular periods of the day, either point me in right direction or a
> howto guide for it.
Ok, the first thing: upgrade that server. 11.2 is out of maintenance,
doesn’t have security updates and that puts you at risk. Or, you can
consider evergreen.
Then, blocking internet securely to me means having a dual port machine
through which everything is routed. Is it?
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
Carlos E. R. wrote:
> On 2012-05-01 15:56, Enazel wrote:
>> Ok, so we got a OpenSuse server, setup which is used as a file storage
>> and dhcp / dns for the production computers, I just had a request from
>> the management to look at blocking internet on these production pc’s
>> during particular times (ie allow it at break periods). I don’t have
>> much experience of OpenSuse and it’s been there and worked (so left it
>> alone, and more headaches with the Office Windows systems). So any one
>> got any suggestions on a way of managing the internet traffic bar during
>> particular periods of the day, either point me in right direction or a
>> howto guide for it.
> Then, blocking internet securely to me means having a dual port machine
> through which everything is routed. Is it?
The normal name for the dual-ported machine is ‘firewall’ 
I’d think that usng firewall rules would be a better idea than messing
with the configuration of any servers or PCs. And call me old-fashioned
but I certainly wouldn’t be using a file server as a firewall.
I confess I don’t really have any idea why the opensuse server is
involved in blocking internet on the production pcs. Or indeed why
anybody would be [allowed to be] using production pcs for internet
access during breaks or any other time. But perhaps ‘production pc’
means something different to my expectation.
On 2012-05-01 16:41, Dave Howorth wrote:
> Carlos E. R. wrote:
> The normal name for the dual-ported machine is ‘firewall’
Usually
> I’d think that usng firewall rules would be a better idea than messing
> with the configuration of any servers or PCs. And call me old-fashioned
> but I certainly wouldn’t be using a file server as a firewall.
Me neither, but…
If the place is small, servers tend to concentrate roles.
> I confess I don’t really have any idea why the opensuse server is
> involved in blocking internet on the production pcs.
Because in Windows they do.
You can define rules in a domain AD server so that the domain members can
not browse or use this or that software. It gets very complex. AD server in
Linux is not finished, needs samba 4.
I’m not saying I like the idea, only that there is such usage.
> Or indeed why
> anybody would be [allowed to be] using production pcs for internet
> access during breaks or any other time. But perhaps ‘production pc’
> means something different to my expectation.
Because they don’t have other PCs. Each business, different rules. If they
want to allow some relax, during the time for relax, why not? As long as
they follow the rules for safe usage…
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)