On Mon, 2006-06-26 at 14:06 -0500, Patrick Murphy wrote:

> Tim explained this setup to me offlist - thanks Tim! It does eliminate
> the need for a SonicWall or similar device - but it may be hard to
> find someone at each colony capable of setting it up. I'll look into
> it as well.
> 
> I'm still, perhaps unrealistically, still hoping for an ISP-based
> solution. Since we are multi-family farms, we have young boys; some of
> them know far more about the computer than their parents, and because
> of them, the parents would prefer to have the Internet filtered before
> it arrives on the place.

How important is bandwidth?

If sacrificing bandwidth is an "OK" solution, perhaps something like
this is an option:

Colony:
Internet Connection -> router -> router with VPN client -> clients

Base:
Internet Connection -> VPN server -> Filter computer -> Internet
Connection

I hope this makes sense. Basically every colony doesn't get a connection
to the internet, their VPN client connects to the "Base" VPN server.
This VPN server could then block out whatever you'd like.

The benefit is it's relatively plug and play for the colonies, you set
up each box and mail it to them. They can set up their networks any way
they want, wired or WiFi. Since the router with VPN is their only
connection to the rest of the internet only physical access can bypass
it (unless they manage to hack the VPN router, possible, but easy enough
to secure).

At the base you can use a computer to act as the VPN server, or just buy
one. The whitelist filtering can then be done with a Linux or Windows
box. Since it's the only point that goes to the rest of the internet
it's the only point that needs configuring. You can also reconfigure it
remotely if you wish.

The bad side of this idea is the all the internet traffic from the
colonies will come through the "Base's" internet connection. If you're
dealing with just a few emails and web pages that's probably OK. If
you're dealing with streaming video or thousands of clients, that won't
be OK.

Basically you are creating a pseudo ISP that the clients connect to
through VPN.

Costs shouldn't be too bad. The VPN client routers are getting pretty
cheap (since they are in the consumer space now), VPN servers are a
little more expensive, but you only need one.

TTYL

Good luck! TTYL

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist