DrSax has asked for the wisdom of the Perl Monks concerning the following question:

I'm posting this here because I may write a Perl NNTP proxy to do what already exists in another package. Though the joys of writing my own would be great, I would be willing to abandon this effort if there were another (easier) way to accomplish what I want. Besides, I get enough joy writing Perl at work all day long. :-)

Here is what I want to do:

I have a home network that uses a Linux host to IP masquerade a number of PCs. To the ISP I am one host, inside my house I am many.
I want to be able to restrict what Usenet groups are available, but rather than use content-based filtering, like most of the commercial products (I can handle HTTP separately), I want to base my newsgroup filtering on a whitelist of newsgroups. This can be a hierarchy, such as alt.binaries.sounds.* or just a single group like alt.pictures.scenic. I want to do this not from the client machines on the network, but from the Linux server that is serving up IP to everybody, so that I have maximum control on how I do it.

What I want to know is this: Is there already a collection of tools that would handle this for me, or would I write an NNTP proxy in Perl and create a service for it on my MASQuerader that would represent the news service?

Currently I use IP-CHAINS to handle firewall issues, but I'm not aware that I can get the granularity with CHAINs that I want.

Your thoughts, brethren, are always appreciated.

Brian - a.k.a. DrSax

Replies are listed 'Best First'.
Re: NNTP filtering and whitelists
by jepri (Parson) on Jun 01, 2001 at 08:34 UTC
    My answer has nothing to do with perl; your solution is fairly easy to do with available (non-perl) tools.

    Lock off NNTP masquerading, and run your own NNTP server on your masquerading box. I think every NNTP server allows you to choose the newsgroups you want to offer. In a way, every NNTP server is a proxy, since they pass messages to each other.

    The only flaw with this is that you will have to store the messages on the firewall, but if you lock off the binaries groups there will probably only be a few megs per day.

    Even better, some NNTP servers have a "cache on demand" function. They won't download a newsgroup until a client (program) requests it. The server then goes and fetches it from the upstream feed. My old ISP used to do this, and it worked well.

    Can't remember what the programs are called, but your distro will have at least one of them.

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

Re: NNTP filtering and whitelists
by blue_cowdawg (Monsignor) on Jun 01, 2001 at 08:01 UTC

    Brian, it sounds to me like you are writing an NNTP proxy of sorts. At least that's how I'd approach it.

    The way I would envision it is setting up a daemon that listens for the NNTP port and when someone connects to it a connection is made by the daemon (or a child of the daemon) in turn to the real NNTP server.

    Actually... instead of a daemon let inetd kick it off.

    As far as the clients inside your private cloud would be concerned they are talking to an NNTP server on whatever machine you set up the proxy on.

    I realize that I have hand-waved all over the place on this but my blood sugars are heading south and I'm tired to boot...

    Peter L. Berghold
    Schooner Technology Consulting, Inc.
    Peter@Berghold.Net
    www.berghold.net
    Unix Professional Services
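The two ideas above, a whitelist of groups or hierarchies from the question and an inetd-started relay to the real server from this reply, combined into one small Perl proxy. This is an added example, not code from the thread; the upstream server name, the whitelist path and the whitelist file format are assumptions.

```perl
# inetd-launched NNTP whitelist proxy (added example, not from the thread).
# STDIN/STDOUT are the client; GROUP is refused for groups off the whitelist,
# LIST output is filtered, everything else is relayed to the upstream server.
use strict;
use warnings;
use IO::Socket::INET;
my $UPSTREAM  = 'news.example.net:119';  # placeholder: the ISP's news server
my $WHITELIST = '/etc/nntp-whitelist';   # placeholder: one group or "hier.*" per line

# Compile whitelist entries into one anchored regex: "alt.binaries.sounds.*"
# matches that group and everything below it; a plain name matches only itself.
sub build_matcher {
    my @alts;
    for my $e (@_) {
        $e =~ s/\s+\z//; next if $e eq '' or $e =~ /^#/;
        if ($e =~ s/\.\*\z//) { push @alts, quotemeta($e) . '(?:\..+)?' }
        else                  { push @alts, quotemeta($e) }
    }
    my $re = '^(?:' . join('|', @alts) . ')\z';
    return sub { $_[0] =~ /$re/ };
}
# Status codes that introduce a dot-terminated multi-line response (RFC 3977, 3.1).
my %MULTI = map { $_ => 1 } qw(100 101 215 220 221 222 224 225 230 231);

$| = 1;
open my $wl, '<', $WHITELIST or die "cannot read $WHITELIST: $!";
my $allowed = build_matcher(<$wl>);
close $wl;
my $up = IO::Socket::INET->new(PeerAddr => $UPSTREAM, Proto => 'tcp')
    or die "upstream connect failed: $@";
$up->autoflush(1);
print scalar <$up>;   # pass the server greeting through unchanged

while (defined(my $line = <STDIN>)) {
    $line =~ s/\r?\n\z//;
    my ($cmd, @args) = split ' ', $line;
    $cmd = uc($cmd // '');
    if ($cmd eq 'GROUP' && @args && !$allowed->($args[0])) {
        print "411 No such newsgroup\r\n";   # same reply the server gives for an unknown group
        next;
    }
    print $up "$line\r\n";
    my $status = <$up>;
    last unless defined $status;
    print $status;
    next unless $MULTI{ substr($status, 0, 3) };
    my $filter_list = ($cmd eq 'LIST' && !@args && $status =~ /^215/);
    while (defined(my $l = <$up>)) {
        if ($l =~ /^\.\r?\n\z/) { print $l; last }
        print $l unless $filter_list && !$allowed->((split ' ', $l)[0] // '');
    }
}
```

Start it from inetd on the masquerading host's NNTP port and block outbound NNTP from the LAN so the proxy is the only route; note that ARTICLE by message-ID and the wildmat forms of LIST are still relayed untouched and would need the same filtering.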
Re: NNTP filtering and whitelists
by strredwolf (Chaplain) on Jun 01, 2001 at 23:16 UTC
    Take a look at LeafNode, through Freshmeat. I think that will give you what you're looking for.

    --
    $Stalag99{"URL"}="http://stalag99.keenspace.com";