I've got a network of a few public computers and I would like users to be able to access only some preselected sites and not access anything else, even if they hook up to the network with their own computers. So that if they try to access any website that is allowed they can browse it, but if users try to access anything else (website, send mail, instant mes, etc) they get a local page saying sorry, the service is not allowed. But at the same time let a few selected users use the network unrestricted.
I was reading something that Squid could be used for this and advanced IP table rules would do the trick?
But any other way would do so any ideas are welcome.
Thanks for the help
Squid will do exactly what you're specifying.
The basic idea in practice could go something like:
If you're providing NAT to the users...
Keep restricted users on one subnet and non-restricted users on another subnet. Your iptables rules only provide NAT to the non-restricted users. The restricted users can only access squid on the server's internal interface.
If you're not providing NAT to the users...
Set up iptables rules on each workstation that drop everything going outbound except traffic to the squid port on your server.
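An added example (not part of any post in this thread) of what the Squid side of the NAT layout described above could look like. The subnet, listen address, domain names and the error page name ERR_SERVICE_NOT_ALLOWED are assumptions made up for illustration.

```conf
# squid.conf fragment: allowlist-only proxy for the restricted subnet.
# Assumed layout (constructed for this example):
#   192.168.10.0/24  restricted users, no NAT, can only reach this proxy
#   192.168.10.1     the server's internal interface
# Unrestricted users sit on a separate subnet that the firewall NATs
# directly, so they never pass through this proxy.

# Listen only on the internal interface, never on the public one.
http_port 192.168.10.1:3128

# Who may use the proxy at all.
acl restricted_net src 192.168.10.0/24

# The handful of permitted sites. A leading dot also matches subdomains.
# Placeholder names; replace with the real campus hosts.
acl allowed_sites dstdomain .admin.campus.example .forum.campus.example

# HTTPS goes through the proxy as CONNECT; only allow it to port 443 so
# the proxy cannot be used to tunnel to mail or chat ports.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Order matters: the first matching http_access line wins.
http_access allow restricted_net allowed_sites
http_access deny all

# Show a local "service not allowed" page for denied requests.
# The file must exist in Squid's error page directory (hypothetical name).
deny_info ERR_SERVICE_NOT_ALLOWED all
```

Browsers generally do not render a proxy's error page for a refused HTTPS CONNECT, so the custom page appears reliably only for plain HTTP requests. Mail, instant messaging and other non-web traffic never reach Squid in this layout and are simply blocked by the firewall because the restricted subnet gets no NAT.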
Ok cool, thanks for the reply anomie.
Yes I plan to provide nat because I would like users to be able to hook up with their computers and access the 3 or 4 allowed sites.
The system is meant for students on our campus so that they could access their online administration office and check a few campus forums and similar stuff. But I don't want users to use the network for other stuff, except a few selected computers which we could specify that could access the internet unrestricted.
I'm not sure yet but I'm probably going to use a BSD system instead of a Linux system since I prefer PF to IP tables.
But it's probably the same deal with squid.
So now I only need to figure out how squid works and how to filter out the allowed computers (probably on a MAC address basis).
Thanks for the help
The official docs are here: squid : Optimising Web Delivery
And this guy seems to have put together a useful guide: Main Page - Squid User's Guide
Thanks anomie. I'll try configuring squid this week.
Hope I don't run into too many problems. :)
Nice day to all