Say you have a computer acting as a gateway to the internet. Someone on the local network has root access to a (his) computer, and to a computer on the other side of the gateway.
You've implemented a cheerfully draconian approach to security. Say a "no porn" or "no pirate bay" stance, in UK Government fashion. Unfortunately for you as the gateway owner, everyone with access to Google has come across VPN and ssh tunnels. How can you restrict traffic despite these?
I'm drawing a blank. Routing HTTP(S) traffic over ssh on whatever port you like is trivial. The next level up is forcing everything through an HTTP proxy, in which case corkscrew or similar efforts route ssh through the proxy.
I think the only option is to plead with the user to obey your policies and try to ignore those who don't. However, I'm very much a novice with networking and would like to know whether blocking websites hosted in other countries is technically feasible despite the above. Any thoughts?