  1. #1
    Just Joined!
    Join Date
    Apr 2006
    Location
    Slovenia
    Posts
    79

    intercepting traffic


    Hi,

    I've got a network of a few public computers and I would like users to be able to access only some preselected sites and not access anything else, even if they hook up to the network with their own computers. So if they try to access any website that is allowed they can browse it, but if users try to access anything else (website, send mail, instant messaging, etc.) they get a local page saying sorry, the service is not allowed. But at the same time let a few selected users use the network unrestricted.
    I was reading something that Squid could be used for this and advanced iptables rules would do the trick?
    But any other way would do, so any ideas are welcome.

    Thanks for the help

  2. #2
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Squid will do exactly what you're specifying.

    The basic idea in practice could go something like:

    If you're providing NAT to the users...

    Keep restricted users on one subnet and non-restricted users on another subnet. Your iptables rules only provide NAT to the non-restricted users. The restricted users can only access squid on the server's internal interface.

    If you're not providing NAT to the users...

    Set up iptables rules on each workstation that drop everything going outbound except traffic to the squid port on your server.
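
An added sketch of the NAT variant described in post #2 (not code from the thread or its participants): Squid allowlists sites for the restricted subnet while iptables gives NAT only to the unrestricted one. All subnets, interface names, domains and the ERR_NOT_ALLOWED page name are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example; every address, interface and domain below is constructed.
RESTRICTED_NET="192.168.10.0/24";   RESTRICTED_IF="eth1"    # public machines (assumed)
UNRESTRICTED_NET="192.168.20.0/24"; UNRESTRICTED_IF="eth2"  # trusted machines (assumed)
WAN_IF="eth0"                                               # uplink (assumed)
SQUID_IP="192.168.10.1"; SQUID_PORT="3128"
IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of applying them

# Proxy side: restricted clients reach only allowlisted domains via squid.
squid_conf() {
cat <<EOF
http_port ${SQUID_IP}:${SQUID_PORT}
acl restricted src ${RESTRICTED_NET}
acl allowed_sites dstdomain .campus.example .forum.example
acl SSL_ports port 443
acl CONNECT method CONNECT
# No tunnelling to arbitrary ports, even on allowed sites.
http_access deny CONNECT !SSL_ports
http_access allow restricted allowed_sites
# Everything else from the restricted subnet gets the local "not allowed" page.
# ERR_NOT_ALLOWED is a hypothetical custom page in squid's error directory.
http_access deny restricted
deny_info ERR_NOT_ALLOWED restricted
http_access deny all
EOF
}

# Firewall side: NAT only for the unrestricted subnet; the restricted subnet
# can talk to nothing but the squid port on the gateway's internal address.
firewall_rules() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i "$UNRESTRICTED_IF" -o "$WAN_IF" -s "$UNRESTRICTED_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$UNRESTRICTED_IF" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$UNRESTRICTED_NET" -o "$WAN_IF" -j MASQUERADE
    $IPT -A INPUT -i "$RESTRICTED_IF" -s "$RESTRICTED_NET" -d "$SQUID_IP" \
         -p tcp --dport "$SQUID_PORT" -j ACCEPT
    # Add DHCP/DNS exceptions above this line if the gateway serves them.
    $IPT -A INPUT -i "$RESTRICTED_IF" -s "$RESTRICTED_NET" -j REJECT
}

case "${1:-}" in
    squid)    squid_conf ;;
    firewall) firewall_rules ;;
esac
```

Running it with `IPT=echo` and the `firewall` argument prints the rules for review before anything is applied. Keeping the two subnets on separate interfaces or VLANs matters, because on a shared segment a user could simply assign an address from the unrestricted range.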

  3. #3
    Just Joined!
    Join Date
    Apr 2006
    Location
    Slovenia
    Posts
    79
    Ok cool, thanks for the reply anomie.

    Yes, I plan to provide NAT because I would like users to be able to hook up with their computers and access the 3 or 4 allowed sites.
    The system is meant for students on our campus so that they could access their online administration office and check a few campus forums and similar stuff. But I don't want users to use the network for other stuff, except a few selected computers which we could specify that could access the internet unrestricted.
    I'm not sure yet, but I'm probably going to use a BSD system instead of a Linux system since I prefer PF to iptables.
    But it's probably the same deal with squid.
    So now I only need to figure out how squid works and how to filter out the allowed computers (probably on a MAC address basis).

    Thanks for the help

  4. #4
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    The official docs are here: squid : Optimising Web Delivery

    And this guy seems to have put together a useful guide: Main Page - Squid User's Guide

  5. #5
    Just Joined!
    Join Date
    Apr 2006
    Location
    Slovenia
    Posts
    79
    Thanks anomie. I'll try configuring squid this week.
    Hope I don't run into too many problems.

    Nice day to all
