2017-05-28 - Re: [GRASE-Hotspot] how to setup grase as a router - NAT enabled

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: f691f95cd848c647d03a732ace9d9f2294e4aa73fdcd59d675e4116d1267d625
Message ID: <CAESLx0L9E+vT1VnY4EDARdXZRsCqomLFWAecB0O69K_zCj+zQQ@mail.gmail.com>
Reply To: <CAPYsbFapjGd+VkcwO4XRq_ST4qnOkdmz4vbnK2MP9S-Jro1REA@mail.gmail.com>
UTC Datetime: 2017-05-28 14:29:37 UTC
Raw Date: Mon, 29 May 2017 07:29:37 +1000

Raw message 

Hi Tubeta

Basically, Grase already does all of this. By default, it NAT's, and due to
the NATing you end up with a firewall from the internet to the clients. It
also already routes, and being a Linux computer, can do much more advanced
routing if required. I wouldn't recommend trying any of that unless you are
familiar with Networking though.

As for preventing malware from internal computers, this is pretty hard for
any system to do. You can block what outgoing ports are allowed (using
Grase), but you'll quickly find it's either wack a mole trying to block
ports, or it's unusable because you've blocked so much, that many services
fail to work.

Lastly, if you can browse the internet, chances are malware can get in and
out. Malware is written to take advantage of anything you do on the
internet, and other than a few 0-day vulnerabilities, you are more likely
to be hit with malware that a user has accidentally clicked on.

Regards

Tim

On Mon, May 29, 2017 at 7:11 AM, Tubeta Taenang <tu***g@gmail.com>
wrote:

> Hello Tim and community developers,
>
> This is my third issue that I really want to tackle with the grase
> software. At work I am using the portal of Grase hotspot to manage my
> users' Internet usage! Here where I am working, Internet access is very
> critical for some aspect of our business and therefore it is required to be
> monitored and controlled in the best possible way to avoid any kind of
> abuse.
>
> Here is what I want to achieve:
>
> 1. Configure Grase to act as a router to allow traffic routing.
> 2. Configure Grase to do  NAT
> 3. Configure Grase firewall to prevent any kind of attack from the
> Internet or any malware originated form internal computers.
>
> I will apreciate any step by step guide and your advises on this.
>
> Thanks
> Tubeta
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at https://groups.google.com/a/
> grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit https://groups.google.com/a/
> grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFapjGd%2BVkcwO4XRq_
> ST4qnOkdmz4vbnK2MP9S-Jro1REA%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFapjGd%2BVkcwO4XRq_ST4qnOkdmz4vbnK2MP9S-Jro1REA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread