Linux router / gateway internet restrictions

Rancid · 09-17-2003, 05:58 PM

Hi,
in our company we're getting a highspeed cable connection and we want to share this internet connection with approximately 8 workstations.

However my boss has come up with some limitations regarding the users.

- From 8.00 to 12.00 hour he wants to limit websurfing to 5 selected websites.
- We have a break from 12.00 to 13.00 hour and then we're allowed to surf freely.
- Limited websurfing has to be applied again from 13.00 till 17.00 hour.
- Email can be used all day.

I want to place a Linux (RedHat) router between the cablemodem and the rest of the network. Does anyone know how I can apply the rules listed above?

Thanx in advance!

seabass55 · 09-17-2003, 08:36 PM

Here's how I do it with the kids...

#Machine Stop
#Stops machine from using internet
#!/bin/bash
iptables -t filter -I FORWARD -i eth1 -s 192.168.0.${1} -j DROP
iptables -t filter -I FORWARD -i eth1 -d 192.168.0.${1} -j DROP

#Machine Start
#Vice versa
#!/bin/bash
iptables -t filter -D FORWARD -i eth1 -s 192.168.0.${1} -j DROP
iptables -t filter -D FORWARD -i eth1 -d 192.168.0.${1} -j DROP

The run the above scripts in crontab at whatever time you want. Syntax would be
$ stopmachine 5 (to stop 192.168.0.5)
Adjust to your needs/ip's/ports

newbuddy · 09-18-2003, 11:33 AM

good suggestion

toovato · 09-18-2003, 01:24 PM

How will this limit access to five sites, unless you build rules for all five sites?

You can use squid (proxy server)
maybe a better choice.

Webmin makes a module for it that you can highly configure it - also content filtering programs like squidguard and dansguardian work with squid to filter content - both also have webmin modules

www.webmin.com

seabass55 · 09-18-2003, 06:30 PM

gee building accept rules to 5 sites is really hard huh?

unSpawn · 09-18-2003, 06:47 PM

What if you put those five addresses in a separate chain?
Then you'll only have to change the jump target rule.

Rancid · 09-19-2003, 10:57 AM

Thanx everyone! With this information I should be able to accomplish my task.

aqoliveira · 09-19-2003, 05:21 PM

My boss also applied the same restriction with my company and I used a squid proxy with squidguard running on top of it which worked wonders. There is a alternative to squidguard I never used it but they say itś pretty good and that is Dansgaurdian. Both these apps come with blacklists which are updated weekly.

Have a look ....

chow

Rancid · 09-21-2003, 06:33 PM

Thank you for mentioning Dansguardian, I have visited its website and downloaded the program. I have not installed it yet but it looks promising.

It's blacklists will come in handy during the break when our employees are allowed to surf "freely", freely is in quotes because they are not allowed to visit porn sites and such at work.