Yup, a bit like that. With a proper router like pfSense, ICS is not only redundant, but a hindrance.
Ideally you'd want something like this:
Client|AD Server->Switch->pfSense->ADSL modem->Internet
You could configure the Linux box to act as the primary domain controller anyway.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
The problem I have is that the company do not want to change the way their DC works; they want it to stay using ICS.
This is because the guy who runs the network has decided that he wants to keep it as it is but implement a way of tracing and blocking websites.
Last edited by Jay; 18-09-2007 at 07:37 PM.
□ΞVΞ□
OP, why must it be untraceable? Doesn't that leave you in some legal quagmire?
AD as in Active Data or Active Directory? This article (fairly old as it refers to Red Hat 9) http://us1.samba.org/samba/docs/man/...e/DomApps.html describes using a RH9 Samba server with Active Directory (and with Squid - getting back on topic!)
I would advise doing this centrally only as you will create very heavy traffic especially at peak times, i.e. just before lunch and home time, as this is when most people will be either surfing the net or printing.
If you want to fully control what people use and are capable of seeing you can either get a third party to do it for you at ISP level or use something like ISA. If you just "Ghost" a user you won't have any logs available to back up your findings.
Life is like Computing, just when you get it all working properly, Bits need replacing
I can't see how he can do this; basically if they want to carry on using ICS they can't implement any other system to monitor internet access. Anything the other side of ICS will just pick up the server doing NAT and log the server accessing the internet, so won't be of any use.
If you install a proxy or other software on the DC then the ICS service will be a loophole people could use to work around the proxy. Also if they use the new proxy/extra software ICS is made redundant. Sounds like you need to be firm with the company and explain that it's not possible to keep both technologies.
If they want to control internet access they have to replace the ICS with something that will do the job, like many of the suggestions on this thread.
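
The point made in the post above, that a log taken on the far side of ICS only ever shows the NAT address, as an added example that is not part of the thread: it summarises two constructed logs in Squid's native access.log layout per source address. All addresses, hostnames and function names are made up for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed samples. Fields: time elapsed client action/code bytes method URL ident peer type
# Proxy placed upstream of the ICS host: every request carries the NAT address (assumed 10.0.0.2).
UPSTREAM_OF_ICS = """\
1190140001.101 120 10.0.0.2 TCP_MISS/200 5120 GET http://news.example/ - DIRECT/203.0.113.10 text/html
1190140002.202 95 10.0.0.2 TCP_MISS/200 2048 GET http://games.example/play - DIRECT/203.0.113.20 text/html
1190140003.303 80 10.0.0.2 TCP_MISS/200 1024 CONNECT mail.example:443 - DIRECT/203.0.113.30 -
"""
# Proxy on the LAN side with ICS removed: real client addresses (assumed 192.168.0.x) are logged.
LAN_SIDE = """\
1190140001.101 120 192.168.0.21 TCP_MISS/200 5120 GET http://news.example/ - DIRECT/203.0.113.10 text/html
1190140002.202 3 192.168.0.34 TCP_DENIED/403 1400 GET http://games.example/play - NONE/- text/html
1190140003.303 80 192.168.0.21 TCP_MISS/200 1024 CONNECT mail.example:443 - DIRECT/203.0.113.30 -
"""

def parse_line(line):
    """Return (client, action, host) for one access.log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    action = fields[3].split("/")[0]
    method, url = fields[5], fields[6]
    # CONNECT lines log "host:port" instead of a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    return fields[2], action, host

def per_client(log_text):
    """Group visited hosts and denied-request counts by source address."""
    report = defaultdict(lambda: {"hosts": set(), "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, action, host = rec
        report[client]["hosts"].add(host)
        if action == "TCP_DENIED":
            report[client]["denied"] += 1
    return dict(report)

def nat_masked(report):
    """True when only one source address appears, so no individual user can be traced."""
    return len(report) == 1

if __name__ == "__main__":
    for name, log in (("upstream of ICS", UPSTREAM_OF_ICS), ("LAN side", LAN_SIDE)):
        rep = per_client(log)
        print(name, "| NAT-masked:", nat_masked(rep), "|", rep)
```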