allow internet access to router for only few PCs
 

Hi
Ive got a debian router and a switch through which I provide internet access to some of the residents of my building...I want to implement a mechanism so that only the computers I specify can access the Internet...I could do it through squid but if I do so it would allow me only to restrict traffic going through port 80 what about Internet applications that use other ports such as ftp, smtp, yahoo and msn. I want to use a mechanism that allows me to authenicate PCs based on mac address and only those computers are allowed to access the internet. One particular solution could be blocking all access to the router unless the request have the source mac from an authorised PC..but I would prefer another approach if available...since Iam not going to operate the router..and the firewall script was written using VIM and the oprerator needs a web interface to operate the router.

Note: I ve got a freeradius server setup and running on the router with the dialup admin interface..I have done this setup previoulsy with pppoe and freeradius..but I can not use pppoe this time..so I need another mechanism to authenicate users if I can bound it to freeradius that would be perfect....squid is running too with the webmin interface.

Hi,

Simply masqurede all traffic to port 80 and make acl for those you d'nt want to use internet, for simplicity of use write a shell script that can ask IP/PC and edit squid.conf and restart the daemon.

thanks

Allright, but if I do that all traffic will be redirected to squid..as a result how can squid handle traffic not destined for web servers..for example if I do so and create an acl that contains the mac addresses of the desired PCs ..how will squid handle msn traffic..p2p traffic..skype etc...

Hope this helps...http://linux.about.com/od/ubusrv_doc/a/ubusg26t03.htm