Hi,

I have a debian style distro (DSL) running a Linux server box, using 2 NICs: one to receive an ADSL feed and the other to serve it to a home LAN. The users on the LAN have static IP addresses.

I am using a simple IP tables solution for the NAT.

Does anyone know a way (or a debian package) that will allow me to control the connect times (or time periods) for specific users on the LAN?

Can provide full details of the server setup if needed.

Thanks,

Geoff.

POM (iptables patch-o-matic) has a patch to add 'time of day' hooks to your iptables rules. Is this what you mean? Or are you looking for something to control the duration of access?

Looks like you could use squid. http://www.linuxdevcenter.com/pub/a/...t_gateway.html

Alternatively, if all the machines are linux and you're the only admin, you could just create a cronjob to ifdown eth0 and ifup eth0 at specific times of day on each machine...

As for IPtables, I'm no expert, but I found this thread which shows a partial solution...

Hi,

Thanks for your replies.

Not sure if the IP tables patch will be suitable, given that I am using a very stripped back distro (Damn Small Linux) because of limited capabilities of the linux server (the whole thing runs off a 256mb usb stick).

But, using IP tables rules via a cron job has appeal. Will give it a go.

However, what I hoped to get was a package/routine that monitored the usage by an individual IP address, limiting the access of that IP to a specfied time period per day.

Thanks again,

Geoff.

That is exactly what the time-of-day patch adds hooks for. See:
http://www.netfilter.org/projects/pa...#pom-base-time

As long as you can patch and rebuild the kernel you should have no problems, and it seems to me the kernel patch will use way less resources on your server than a user-space solution.

Hi,

Thanks for the further help.

Am currently travelling but when I get home will have a shot at patching the kernel. I am unsure how this will go on the DSL setup, as it is rather "stripped back", ie: it probably doesn't have the utilities required to patch the kernel. But, it sure looks like a solution.

Thanks again,

Geoff.

I was assuming you would do this on a host system before moving it to the USB drive...

Thanks for the continued help.

Yes, I will try the routine on a 'standard' HD-installed version of DSL, with whatever additional packages, etc. are required to try and patch the kernel. Presuming that this goes OK, I will then 're-strip' the installation and write out a new compressed DSL system, to use in my 'frugal' style USB installation.

Looking at the above reminds me of the time (many years ago!) when I thought I would replace the clutch in my old front wheel drive car. The instructions didn't look too daunting until I noticed that the first line read "1) Remove engine."

I am a little surprised, with all the fuss about controlling children's access to the net in particular and to spending too much time on their PC in general, that there are no packages available that will allow easy control of network/internet access by user (or IP address).

Reckon some bright person should write such a package.

Thanks again,

Geoff.

Hi,

Posed the above question some time ago.

Am curious as to whether anyone knows of a package (debian preferably) that allows a lan server to allow/deny access to the lan for particular IP addresses based on time of access and accumulated access time over (say) a 24 hour period?

Regards,

Geoff.

Can you think of a crontab that interchanges the iptables rules periodically.
I mean you can prepare two separate rule sets to allow/deny the IPs you need. and then interchange the IPTABLES file periodically using crontab .

Thanks for the suggestion.

Had thought of the crontab approach but this will not allow (to my limited understanding) the possibility of limiting particular IP addresses to a set quota of time/downloads per day.

Any ideas on the time/downloads quota?

Could I know what you mean by time/downloads ?