Restrict Access to Internet from one computer on LAN
 

My son and wife share a machine that dual boots into Fedora and eXPee and
sometimes Knoppix for Kids.

I want to restrict access for my son to only 3 or 4 websites, but allow my
wife to go anywhere (within reason, hehe).

All the machines on the LAN get an IP from a RH7.3, running a masquerading
iptables firewall script and dhcp. _That machine also runs various web
services. _Say the shared machine is 192.168.1.5, the RH is 192.168.1.1, and
there are several other machines not to be restricted.

Does anyone know how to do this?

I've been looking at DansGuardian and Sqid, but not sure they would work like
I need.

I thought perhaps make them authenticate to get the IP, and then by user name
I can either close it up or open it. _Does that sound like the direction to
take?

I don't know how you authenticate them to get the IPs but if you managet to get an IP for each user you can solve the problem quite easy with squid.

Also, if the squid is running the solution with iptables I described in other tread doesn't work.

With squid you could write some rules like this:

acl son src 192.168.1.5
acl son_sites 10.42.42.1 10.10.1.3
http_access allow son son_sites
http_access deny son

carefull where you place those rules in squid.conf

this will filter your son's access presuming he'll get th .5 ip after authentication