> FWIW, there is a Linksys router (I think it's Linksys) that hosts Linux. It
> has quite a community also. More flexible than other, "normal" hardware
> routers.
>
> Gerhard

Now you're talking! Because the router doesn't have conventional media (i.e., floppy or CD) access, it would be much more secure than a standard PC.

Also, I have figured out how to handle the whitelist/blacklist based on domain name instead of IP address. This is very important because, for example, xxxx.mydomain.com and yyyy.mydomain.com can have completely unrelated IP addresses.

So, now my solution is:

1) At each colony, have the LINKSYS router running LINUX with the following pieces in it:

   A) Normal router and NAT functionality. The routing table will only have explicit routes to whitelist sites for that router.

   B) The upstream DNS server for the router will be the central server. Thus, when anyone at the colony attempts to access a site by a domain name that hasn't been seen, the router will send that name to the central server for resolution.

   C) A custom server program to allow remote maintenance of the routing table. Rather than using standard remote access tools, this will make hacking less likely, I would think.

   D) Port filtering to firewall all ports except a limited set. Email ports would only be open to the central server.

   Note that each colony can use whatever ISP they wish and will get the bandwidth and latency they pay for. However, it is important that the ISP provide a reasonably secure connection requiring a password, and that the password never be in the possession of untrusted people at the colony, or else that the physical connection to the ISP be secure.

2) A central location running a server providing the following functions:

   A) Providing a generic whitelist of default usable domains for all colonies.

   B) Providing password-protected web access to trusted colony personnel to add custom whitelist entries for their colony to a database on the server.

   C) Providing password-protected web access to trusted colony personnel to view the generic whitelist and checkmark any entries that they wish blacklisted for their colony.

   D) Maintaining a local shadow copy of the routing tables for each of the remote sites.

   E) A tweaked DNS server that compares DNS inquiries from the sites to the local database. If the domain is in the whitelist for the colony, then the server will resolve it and, if necessary, update the routing table at the colony to include a route to the IP address of the site, before returning the DNS result to the colony's router. If the domain is not valid, then the server will resolve it to the IP of a virtual web server running on the central web server, which will return a "So Sorry: The website you tried to access is bad news! Now be nice!" message.

   F) Remotely maintaining the routing tables at the colonies by updating them when whitelist/blacklist changes occur, and also when a DNS search shows a new IP address for a site.

   G) Provide email servers for use by all the colonies with appropriate spam filtering.

Finally, a modest extension of this scheme would allow multiple whitelist levels in a community, with password access to more open lists.

Bob Ammerman
RAm Systems

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
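The central whitelist DNS and route-shadowing logic Bob sketches in 2)D) through 2)F), as an added model that is not part of the original post or anything Bob built. It assumes a sinkhole address of 192.0.2.1 for the "So Sorry" server, an in-memory name-to-IP map standing in for the real upstream lookup, and constructed colony names, whitelist entries and TEST-NET addresses; a real deployment would replace the map with recursive DNS and the shadow route table with the push to the colony router's custom maintenance program. It shows the domain-name point from the post (one entry "mydomain.com" covers xxxx.mydomain.com and yyyy.mydomain.com at unrelated IPs, while "notmydomain.com" is not matched), the route being installed before the answer goes back, a colony's blacklist overriding the generic whitelist, and the routes being withdrawn when a blacklist change makes them unjustified.

```python
"""Model of the central whitelist DNS + shadow routing table (added example).

Policy: a colony may reach a name if it falls under an entry in its custom
whitelist, or under a generic whitelist entry the colony has not blacklisted.
Allowed names are resolved and the colony gets a host route for any new IP
before the answer is returned; everything else resolves to the sinkhole.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Assumed address of the central "So Sorry" web server (constructed, TEST-NET-1).
SINKHOLE_IP = "192.0.2.1"


def _labels(name: str) -> tuple[str, ...]:
    return tuple(name.rstrip(".").lower().split("."))


def matches(name: str, entry: str) -> bool:
    """True if name is entry itself or a subdomain of it.

    Label-wise suffix match, not a substring test: "mydomain.com" covers
    xxxx.mydomain.com and yyyy.mydomain.com but not notmydomain.com.
    """
    n, e = _labels(name), _labels(entry)
    return len(n) >= len(e) and n[len(n) - len(e):] == e


@dataclass
class Colony:
    custom_whitelist: set[str] = field(default_factory=set)
    blacklist: set[str] = field(default_factory=set)  # generic entries this colony opted out of
    # Shadow copy of the colony router's host routes: IP -> names that justify it.
    routes: dict[str, set[str]] = field(default_factory=dict)


class CentralDNS:
    def __init__(self, generic_whitelist: set[str], upstream: dict[str, str]):
        self.generic = set(generic_whitelist)
        self.upstream = upstream  # name -> IP; stands in for a real recursive lookup
        self.colonies: dict[str, Colony] = {}

    def add_colony(self, cid: str, custom=(), blacklist=()) -> None:
        self.colonies[cid] = Colony(set(custom), set(blacklist))

    def allowed(self, colony: Colony, name: str) -> bool:
        if any(matches(name, e) for e in colony.custom_whitelist):
            return True
        return any(matches(name, e) for e in self.generic if e not in colony.blacklist)

    def resolve(self, cid: str, qname: str) -> tuple[str, bool]:
        """Answer a colony router's query. Returns (ip, route_pushed)."""
        colony = self.colonies[cid]
        qname = qname.rstrip(".").lower()
        ip = self.upstream.get(qname)
        if ip is None or not self.allowed(colony, qname):
            # Not whitelisted (or not resolvable; the post does not cover that
            # case, sinkholing it is an assumption here): answer with the sinkhole.
            return SINKHOLE_IP, False
        ipaddress.ip_address(ip)  # never push a malformed route to a router
        pushed = ip not in colony.routes
        # Post's order: install the route at the colony first, then answer, so
        # the client never receives an IP it cannot yet reach.
        colony.routes.setdefault(ip, set()).add(qname)
        return ip, pushed

    def set_blacklist(self, cid: str, blacklist) -> list[str]:
        """Colony staff changed their blacklist: withdraw routes no allowed name still needs."""
        colony = self.colonies[cid]
        colony.blacklist = set(blacklist)
        removed = []
        for ip, names in list(colony.routes.items()):
            names.difference_update({n for n in names if not self.allowed(colony, n)})
            if not names:
                del colony.routes[ip]
                removed.append(ip)
        return sorted(removed)

    def router_routes(self, cid: str) -> list[str]:
        """Host routes the colony router should currently hold."""
        return sorted(f"{ip}/32" for ip in self.colonies[cid].routes)


# Constructed sample data: generic whitelist plus a fake upstream name->IP map.
GENERIC_WHITELIST = {"mydomain.com", "example.org"}
UPSTREAM = {
    "xxxx.mydomain.com": "198.51.100.10",
    "yyyy.mydomain.com": "203.0.113.20",   # unrelated to xxxx's address, as in the post
    "notmydomain.com": "203.0.113.50",
    "www.example.org": "198.51.100.30",
    "shop.supplier.example": "198.51.100.40",
}


def build_demo() -> CentralDNS:
    dns = CentralDNS(GENERIC_WHITELIST, UPSTREAM)
    dns.add_colony("north", custom={"supplier.example"})
    dns.add_colony("south", blacklist={"mydomain.com"})
    return dns


if __name__ == "__main__":
    dns = build_demo()
    for cid, q in [("north", "xxxx.mydomain.com"), ("north", "yyyy.mydomain.com"),
                   ("north", "notmydomain.com"), ("south", "xxxx.mydomain.com")]:
        print(cid, q, "->", dns.resolve(cid, q))
    print("north routes:", dns.router_routes("north"))
    print("withdrawn after blacklisting mydomain.com:", dns.set_blacklist("north", {"mydomain.com"}))
```

The shadow table keys routes by IP and remembers which names justified each one, so a whitelist or blacklist change can withdraw exactly the routes that are no longer needed (item F) without disturbing routes that another allowed name still shares.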