  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Posts
    3

    Timebased internet access ??

    Can somebody tell me how I can manage allow/disallow internet access for e.g. computer1 (ip:192.168.2.30) at specific times ?

    SO: I want a timeslot for internet for specific machines: not only http but for ALL ACCESS to EVERY PORT.

    PLEASE: give us a working example..

    MANY THANKS IN ADVANCE !!!

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Look at using cron jobs to update the iptables rule set.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
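
The cron-plus-iptables approach suggested in this reply, as an added example that no one in the thread posted. Assumptions: the gateway routes LAN traffic through the FORWARD chain, the script path in the cron comment is hypothetical, and the 07:30-22:30 window is borrowed from the squid ACL quoted later in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the gateway routes LAN
# traffic through the FORWARD chain; the window reuses the 07:30-22:30 squid ACL.
# Hypothetical cron entry (root): */5 * * * * /usr/local/sbin/net-window.sh apply
HOST_IP="192.168.2.30"            # computer1 from the first post
OPEN_FROM="07:30"
OPEN_UNTIL="22:30"
IPTABLES="${IPTABLES:-iptables}"  # overridable so the logic can be tested with a stub

# to_minutes HH:MM -> minutes since midnight (leading zeros stripped to avoid octal)
to_minutes() {
    h=${1%%:*}; m=${1##*:}
    h=${h#0}; m=${m#0}
    echo $(( ${h:-0} * 60 + ${m:-0} ))
}

# in_window NOW START END -> status 0 when START <= NOW < END.
# Also handles windows that wrap past midnight, e.g. 22:00-06:00.
in_window() {
    now=$(to_minutes "$1"); start=$(to_minutes "$2"); end=$(to_minutes "$3")
    if [ "$start" -le "$end" ]; then
        [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
    else
        [ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]
    fi
}

# apply_policy NOW -> prints "open" or "blocked" after converging the rule set.
apply_policy() {
    if in_window "$1" "$OPEN_FROM" "$OPEN_UNTIL"; then
        # Remove every copy of the block rule; the loop ends when -D finds none.
        while $IPTABLES -D FORWARD -s "$HOST_IP" -j DROP 2>/dev/null; do :; done
        echo open
    else
        # -C tests for the rule first, so repeated cron runs do not stack duplicates.
        # Inserting at position 1 puts the DROP ahead of any ESTABLISHED accept rule.
        $IPTABLES -C FORWARD -s "$HOST_IP" -j DROP 2>/dev/null ||
            $IPTABLES -I FORWARD 1 -s "$HOST_IP" -j DROP
        echo blocked
    fi
}

# Touch the firewall only when called with "apply".
if [ "${1:-}" = "apply" ]; then
    apply_policy "$(date +%H:%M)"
fi
```

Running it every few minutes, rather than once at each end of the window, re-asserts the correct state after a reboot or a firewall reload. The rule covers routed traffic on every port; requests to a squid instance on the gateway itself arrive via INPUT and remain under the squid time ACLs.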

  3. #3
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    You could also use the squid proxy server and use it to control access.

  4. #4
    Just Joined!
    Join Date
    Aug 2008
    Posts
    3

    squid

    Quote, originally posted by jledhead:
    "You could also use the squid proxy server and use it to control access."

    Can you tell me how ?

    The http-access is controlled already, enabled from 07:00 until 23:00 for a few local computers. But all other ports (for gaming, etc) are still open.

    How can I manage that ?

  5. #5
    Just Joined! garyalex's Avatar
    Join Date
    Jun 2008
    Location
    Johannesburg, South Africa
    Posts
    16
    Squid normally controls access to non-http ports. Are you using squid for access control, or is it set up via iptables masquerade rules?

  6. #6
    Just Joined!
    Join Date
    Aug 2008
    Posts
    3

    squid problem

    Quote, originally posted by garyalex:
    "Squid normally controls access to non-http ports. Are you using squid for access control, or is it set up via iptables masquerade rules?"

    Sorry, but I don't have much knowledge about all this.
    But it's done with squid (web-based interface from Clarkconnect Linux).
    I have exported the iptables with "iptables-save > iptables.conf" and I can't see anything which is controlling the current setup as described above.

    In squid.conf I see a lot of things I have set up by using the web interface.

    A few lines:

    acl pcntime-kidsinternetopen time SMTWHFA 07:30-22:30
    acl pcngroup-PETER arp 00:02:2D:56:A1:36 00:00:39:36:C8:B2 00:E0:18:FC:9B:79

    http_access deny pcngroup-PETER !pcntime-kidsinternetopen
    http_access allow pcngroup-PETER_homework pcntime-homework

    These lines give internet HTTP access to the client PETER from 07:30 until 22:30.

    But all other ports (which are normally enabled) stay 24hr open, and I need to close the access to these specific ports too, like the HTTP access above.

    Any ideas how to manage that too with squid ?

    Any help is really appreciated !!!

  7. #7
    Just Joined! garyalex's Avatar
    Join Date
    Jun 2008
    Location
    Johannesburg, South Africa
    Posts
    16
    Generally there are rules such as this in the squid default config that deny access to non-safe ports:

    Code:
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 901         # SWAT
    http_access deny !Safe_ports
    Is this in your config?

    You can then disable and enable ports by commenting out these lines or adding new...

    You would probably want to disable this line:

    Code:
    acl Safe_ports port 1025-65535  # unregistered ports
