Results 1 to 7 of 7
Can somebody tell me how I can manage allow/disallow internetaccess for e.g. computer1 (ip:192.168.2.30) on specific times ?
SO: I want a timeslot for internet for specific machines: not only ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-15-2008 #1Just Joined!
- Join Date
- Aug 2008
- Posts
- 3
Timebased internet access ??
Can somebody tell me how I can manage allow/disallow internetaccess for e.g. computer1 (ip:192.168.2.30) on specific times ?
SO: I want a timeslot for internet for specific machines: not only http but for ALL ACCESS to EVERY PORT.
PLEASE: give us a working example..
MANY THANKS IN ADVANCE !!!
- 08-17-2008 #2Linux Guru
- Join Date
- Jun 2004
- Location
- The Keystone State
- Posts
- 2,629
Look at using cron jobs to update iptable rules set.
- 08-17-2008 #3Linux Engineer
- Join Date
- Oct 2004
- Location
- North Carolina
- Posts
- 1,077
you could also use squid proxy server and use it to control access
- 08-17-2008 #4Just Joined!
- Join Date
- Aug 2008
- Posts
- 3
squid
Can you tell me how ?
Originally Posted by jledhead 
The http-access is controlled already, enabled from 07:00 til 23:00 for a few local computers. But all other ports (for gaming, etc) are still open.
How can I manage that ?
- 08-18-2008 #5Just Joined!
- Join Date
- Jun 2008
- Location
- Johannesburg, South Africa
- Posts
- 16
Squid normally controls access to non-http ports. Are you using squid for access control, or is it setup via iptables masquerade rules?
- 08-18-2008 #6Just Joined!
- Join Date
- Aug 2008
- Posts
- 3
squid problem
Sorry, but I have no much knowledge about this all Originally Posted by garyalex 
But it's done with squid (webbased interface from Clarkconnect Linux).
I have exported the iptables with "iptables-save > iptables.conf" and I can't see anything which is controlling the current setup as described above.
In squid.conf I see a lot of things I have setuped by using the webinterface.
A few lines:
acl pcntime-kidsinternetopen time SMTWHFA 07:30-22:30
acl pcngroup-PETER arp 00:02:2D:56:A1:36 00:00:39:36:C8:B2 00:E0:18:FC:9B:79
http_access deny pcngroup-PETER !pcntime-kidsinternetopen
http_access allow pcngroup-PETER_homework pcntime-homework
These lines give internet HTTP access to the client PETER from 07:30 til 22:30.
But all other ports (which are normally enabled) stays 24hr open, and I need to close the access to these specific ports too like the HTTP access above.
Any ideas how to manage that too with squid ?
Any help is really appreciated !!!
- 08-18-2008 #7Just Joined!
- Join Date
- Jun 2008
- Location
- Johannesburg, South Africa
- Posts
- 16
Generally there are rules such as this in the squid default config that deny access to non-safe ports:
Is this in your config?Code:acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT http_access deny !Safe_ports
You can then disable and enable ports by commenting out these lines or adding new...
You would probably want to disable this line:
Code:acl Safe_ports port 1025-65535 # unregistered ports
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
