LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-17-2003, 05:58 PM   #1
Rancid
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Rep: Reputation: 0
Linux router / gateway internet restrictions


Hi,
in our company we're getting a highspeed cable connection and we want to share this internet connection with approximately 8 workstations.

However my boss has come up with some limitations regarding the users.

- From 8.00 to 12.00 hour he wants to limit websurfing to 5 selected websites.
- We have a break from 12.00 to 13.00 hour and then we're allowed to surf freely.
- Limited websurfing has to be applied again from 13.00 till 17.00 hour.
- Email can be used all day.

I want to place a Linux (RedHat) router between the cablemodem and the rest of the network. Does anyone know how I can apply the rules listed above?

Thanx in advance!
 
Old 09-17-2003, 08:36 PM   #2
seabass55
Member
 
Registered: Jan 2003
Location: 127.0.0.1
Distribution: Fedora&Gentoo
Posts: 207

Rep: Reputation: 30
Here's how I do it with the kids...

#Machine Stop
#Stops machine from using internet
#!/bin/bash
iptables -t filter -I FORWARD -i eth1 -s 192.168.0.${1} -j DROP
iptables -t filter -I FORWARD -i eth1 -d 192.168.0.${1} -j DROP

#Machine Start
#Vice versa
#!/bin/bash
iptables -t filter -D FORWARD -i eth1 -s 192.168.0.${1} -j DROP
iptables -t filter -D FORWARD -i eth1 -d 192.168.0.${1} -j DROP

The run the above scripts in crontab at whatever time you want. Syntax would be
$ stopmachine 5 (to stop 192.168.0.5)
Adjust to your needs/ip's/ports
 
Old 09-18-2003, 11:33 AM   #3
newbuddy
LQ Newbie
 
Registered: Aug 2003
Posts: 1

Rep: Reputation: 0
good suggestion
 
Old 09-18-2003, 01:24 PM   #4
toovato
Member
 
Registered: Jul 2003
Location: Ft Lauderdale, FL
Distribution: debian
Posts: 48

Rep: Reputation: 15
How will this limit access to five sites, unless you build rules for all five sites?

You can use squid (proxy server)
maybe a better choice.

Webmin makes a module for it that you can highly configure it - also content filtering programs like squidguard and dansguardian work with squid to filter content - both also have webmin modules

www.webmin.com
 
Old 09-18-2003, 06:30 PM   #5
seabass55
Member
 
Registered: Jan 2003
Location: 127.0.0.1
Distribution: Fedora&Gentoo
Posts: 207

Rep: Reputation: 30
gee building accept rules to 5 sites is really hard huh?
 
Old 09-18-2003, 06:47 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,988
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
What if you put those five addresses in a separate chain?
Then you'll only have to change the jump target rule.
 
Old 09-19-2003, 10:57 AM   #7
Rancid
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Thanx everyone! With this information I should be able to accomplish my task.
 
Old 09-19-2003, 05:21 PM   #8
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 620

Rep: Reputation: 30
Cool

My boss also applied the same restriction with my company and I used a squid proxy with squidguard running on top of it which worked wonders. There is a alternative to squidguard I never used it but they say itś pretty good and that is Dansgaurdian. Both these apps come with blacklists which are updated weekly.

Have a look ....

chow
 
Old 09-21-2003, 06:33 PM   #9
Rancid
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Thank you for mentioning Dansguardian, I have visited its website and downloaded the program. I have not installed it yet but it looks promising.

It's blacklists will come in handy during the break when our employees are allowed to surf "freely", freely is in quotes because they are not allowed to visit porn sites and such at work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to make sles 9 server to be a router/internet gateway? databox Linux - Networking 3 07-17-2005 09:03 AM
deb netinstall client to win gateway to router to internet Motown Linux - Networking 5 01-05-2005 07:24 AM
Using Linux as an internet router / gateway bashworth Linux - Networking 2 09-10-2004 06:00 PM
Yikes! No one can get Internet thru Linux gateway/router/firewall/DHCP Avatar Linux - Networking 14 02-11-2004 08:50 PM
gateway for a linux router?? jmono Linux - Networking 12 11-17-2003 09:33 PM


All times are GMT -5. The time now is 04:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration