Looking into creating a proxyserver/Webfilter with Suse or other Distro

I currently have a Nagios box running on openSUSE 11.1.
I am thinking about either installing a web filter on the box or creating another dedicated box. I’m thinking that my webfilter box would need two NICs?
Wondering if it would be easier to install a webfilter on the Nagios box or to create a new dedicated box for it?
What is the easiest, most reliable open 3rd party webfilter app?

Open to suggestions?

On Wed, 17 Sep 2014 15:36:02 +0000, bperrotta wrote:

> I currently have a nagios box running on Opensuse 11.1.
> I am thinking about either Installing a web filter on the box or
> creating another dedicated box. I’m thinking that my webfilter box would
> need two nics?
> Wondering if it would be easier to install a webfilter on the nagios box
> or to create a new dedicated box for it?
> What is the easiest most reliable open 3rd party webfilter app?
>
> Open to suggestions?

Depends on what your goals are - there are lots of things that “webfilter”
might mean. So…what are your goals with this setup?

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Hi,

As a starting point you might want to look at Squid as a proxy, with SquidGuard to filter based on URL blacklists.

As far as using your existing server vs another one, either would work, but I’d suggest you use another one if possible, if only to use the opportunity to install a more recent version of openSUSE.
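
An added illustration of the URL-blacklist filtering suggested above (not part of the original post, and not SquidGuard's own code): checking a requested URL against a blocked-domain list and a blocked-URL list. The list contents, the function names and the fail-closed choice for unparseable requests are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real deployment would load them from blacklist files.
BLOCKED_DOMAINS = {"ads.example", "malware.test"}
BLOCKED_URLS = {"files.example/downloads/cracks"}


def normalize(url):
    """Return (host, path): host lower-cased, no scheme, port, userinfo or query."""
    if "://" not in url:
        url = "http://" + url  # bare "host:port" or "host/path" forms
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return "", ""
    return host, parts.path


def domain_blocked(host, domains=BLOCKED_DOMAINS):
    """Match the host or any parent domain on whole labels only."""
    labels = host.split(".")
    # "cdn.ads.example" checks "cdn.ads.example", "ads.example", "example";
    # "notads.example" never matches "ads.example".
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def url_blocked(host, path, urls=BLOCKED_URLS):
    """Match host plus a path prefix on whole path segments only."""
    candidate = host
    for segment in (s for s in path.split("/") if s):
        candidate += "/" + segment
        if candidate in urls:
            return True
    return False


def decide(url):
    """Return "DENY" or "ALLOW" for one requested URL."""
    host, path = normalize(url)
    if not host:
        return "DENY"  # assumption: fail closed on requests that cannot be parsed
    if domain_blocked(host) or url_blocked(host, path):
        return "DENY"
    return "ALLOW"
```

Matching on whole labels and whole path segments is what keeps a lookalike host or a similarly named file from being blocked by accident, while case, port and trailing-dot variations of a listed host are still caught.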

First, you only need multiple NICs if you connect to multiple physical networks. Because of the serial nature of TCP/IP bits, more NICs ordinarily won’t benefit you in any way. But, you will likely want to configure a different interface or other network object for your “in” and “out.” To a certain extent, your choices may depend on whether you are running virtual machines or not.

As for the “web filtering,” it probably depends on what you intend to filter.
For starters, you can filter:

- content
- URLs
- potentially dangerous scripts and other malware
- full-blown anti-spam and anti-virus

You also need to decide on your “platform,” whether it’s a proxy or simple filter.
A simple filter is like a window screen: data flows, but some is blocked according to rules… The client and server maintain a session between themselves. You get best performance with this.

A proxy is different than a simple filter because it breaks the session between source and destination, terminating the connection in each direction and acting as a middle-man. Data can be more deeply inspected, and because it’s the endpoint of the session, any malware would attempt to run on the proxy instead of the actual source/target (you can take further steps to sandbox and limit functionality to the malware). Because of the overhead involved in packet inspection and re-creation, proxies are noticeably slower than simple filtering.

HTH,
TSU