These any good? Yoggie Security Systems
Alternatively, a "DMZ" zone of your existing firewall, and patch the user into a different switch/wireless net?
Not sure if such a thing exists but what I imagine is a small device about the size of a packet of cards.
2 ethernet ports on it, one at each end, client & network, and a USB lead which gives the device its power.
A visitor to site asks if they can use the internet. Sure: you plug their laptop into the client port and then the network port is connected to your network. The device then gives their laptop an IP address and only allows traffic through on ports 80 and 443.
I've looked at Yoggie devices but they require drivers to be installed on the machine.
A DMZ would be inflexible really.
With the type of device I mentioned you could loan it to the person when they come on to site and then they could plug into any network point and be filtered for only internet access, then some form of management console that can download logs I suppose.
That Yoggie device looks ideal, it even uses the USB for power just like I wanted.
If I get one of those and ssh into it, then issue the following:
iptables -I FORWARD 1 -p tcp -m multiport --dport 80,443 -j ACCEPT
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -j DROP
It would only forward traffic on 80 and 443. Can I also allow it to only forward traffic to our proxy's IP address?
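One way to pin the forwarding to a single proxy address, as an added example that is not part of the original post and is not Yoggie's own tooling: the sketch below prints the three FORWARD rules with a `-d` destination match instead of running them. The function names `valid_ipv4` and `guest_forward_rules` are hypothetical, `192.0.2.10` is a constructed documentation address standing in for the proxy, and the port list defaults to the 80,443 from the post (pass the proxy's listening port as the second argument if it differs).

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables FORWARD rules that let
# guest traffic reach one proxy address only. All names here are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for proxy address $1 and TCP port list $2 (default 80,443).
# Order matters: replies first, then new connections to the proxy, then drop.
guest_forward_rules() {
    proxy_ip=$1
    ports=${2:-80,443}
    valid_ipv4 "$proxy_ip" || { echo "invalid proxy address: $proxy_ip" >&2; return 1; }
    case "$ports" in
        *[!0-9,]*|,*|*,|*,,*|"") echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -p tcp -d $proxy_ip -m multiport --dports $ports -j ACCEPT
iptables -I FORWARD 3 -j DROP
EOF
}
```

Review the printed rules first, then apply them as root on the device with `guest_forward_rules 192.0.2.10 | sh`.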