Hi Robert, Monday, June 26, 2006, 1:55:41 PM, you wrote: > First, let me see if I understand the problem correctly: > 1) There are quite a few communities which want to be able to access the > internet in a controlled fashion. Yes. From 20 to perhaps 75+ communities right away, and possibly more. > 2) The local community leadership decides what the community should be able > to access. Yes. > 3) The desired white-list is community specific (although probably quite > similar from community to community) Yes. Some communities are also involved in manufacturing, and may not want to share some of their web sites with other communities who compete with them. > 4) There is some form of inter-community cooperation that would make a > 'global' solution appropriate. Yes. > 5) Each community will have its own physical connection to the internet, > probably through many different ISPs. Right now that is the case, with most colonies on a Dial-up plan or broadband. However, a desired solution would be one where one, or perhaps two ISP's (one for the US, one for Canada, if necessary) would provide pre-filtered Internet. As I wrote in response to Gehard's post, there is at least one ISP offering to provide us with possibly what we are looking for; I just got that email this afternoon. The second solution, should the first be unfeasible, is clearly shaping up to be what you are describing below. > -------------------------------- > If those are the parameters, then this is the solution I see: > 1) The connection to the local ISP is made through hardware only accessible > to the community leadership. Okay. > 2) A simple router be inserted between the community and the ISP connection. > 3) Disable any 'default' routes on the router and establish explicit routes > to the 'whitelist' sites only. > 4) Use remote administration from a central location to manage the routers. That might be something we would hire someone to manage. > 5) Have a standard 'white-list' default of routes that is sent to all the > routers. > 6) Allow each community to establish a private 'white-list' extension and > 'black-list' override using a web tool to the central location. Sounds good. > 7) This central location could also maintain SMTP and POP3 servers to manage > email for all the communities. This would allow virus detection/removal and > spam control to be done centrally. Sounds interesting. Steps four through seven could apply to an ISP-based solution as well. > Bob Ammerman > RAm Systems Thanks Bob! -- Best regards, Patrick Murphy James Valley Colony -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist