LinuxQuestions.org


wraithe 12-16-2006 02:22 PM

smb server with internet connection shared...
 
Ok, here's my problem...over 10 yrs out of networking and only playing with linux2linux or win2win networks, i have a drama now...
Local non-profit group want a server and as i am pc illiterate(yeh ok i know where the off switch is) i have been asked to set this up...
I have smb working fine and i am setting up separate folders for each user, no probs...
i need to have a shared internet connection and i need to limit it to users that have permission and have a password to do so, the password side won't be a prob once i get it to share...i can't get thru the lin box at all yet...
this machine has two network cards(working fine, i can get out with the linbox(thats what i am using now) but not with a winbox using the server)...
i basically am setting up a smb server and a proxy on the one machine...
normally easy, but i have forgotten more than i care to remember, so wish to ask a younger mind for help...lol..

acid_kewpie 12-16-2006 02:26 PM

maybe you would benefit from defining what kind of internet access is required? Hopefully you just want a web proxy, in which case squid will help you out no problem, and can leverage user/password databases in many forms, most simply the local accounts on the box itself.

wraithe 12-16-2006 03:15 PM

Quote:

Originally Posted by acid_kewpie
maybe you would benefit from defining what kind of internet access is required?

full access for only 2 users(email and net) and allow incoming ssh for myself...its on an xdsl connection...
not used for any other purpose...

this machine will be used for storage and to run a few applications used in training...as well as allowing the 2 users(and myself) full access in and out...there are approximately 12 winboxes on the network, unless we get a few extras donated...

jschiwal 12-16-2006 03:39 PM

What type of router are you using? The simplest way may be to restrict access at the router. Even a Linksys router can filter by IP or MAC address. It could also forward port 22 to your computer, but I would recommend changing the port used by your ssh server. This will reduce the number of script kiddie brute force attacks against ssh. Also, as you may have done already, disallow root logins and use "AllowUsers <yourusername>" to disallow login attempts from all other users, including system users. This isn't perfect if a user changes the MAC address on their NIC device. You will also need to lock down the router with a username/password to keep users from changing the access controls. (I'm not assuming you didn't realize that.)

For some general samba networking solutions, you might want to look on the samba.org website for the book "Samba 3 by Example". One of the first examples is a server setup for a non-profit office. They have a simple share setup that anyone can write to, a readonly document share, and a printer. The configuration on both the server and for various Windows OSes are covered.

On many distros, these books are included with a samba-doc package and installed to /usr/share/doc/packages/samba/.

Something else to consider is to use samba swat to configure the server. On some distros you might only need to enable the swat service in a gui xinetd service configuration tool. In others you may need to add a file called swat in /etc/xinetd.d/.
Code:

# SWAT is the Samba Web Administration Tool.
service swat
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        only_from       = 127.0.0.1
        log_on_failure  += USERID
}

This will allow root to use swat from the server itself. To be even safer, you could enable the service before using it and disable it afterwards. In this situation, being too paranoid may not be necessary. Sometimes, security is a good part social engineering. Being very anal could generate ill will which you wouldn't want to do in a volunteer organization.

You access the swat service by pointing a web browser to http://localhost:901. You can even use "ssh -X username@server" to log into the server and then start the browser with this IP address. This will require the browser to be installed on the server as well as a minimal amount of xorg libraries installed as well. (Some people don't install any x.org or gui programs at all.)

Good Luck!
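
The ssh advice in the post above (move sshd off port 22, disallow root logins, restrict logins with AllowUsers) can be checked against a config file. The following is an added example, not part of the thread: the sample config and the user name admin1 are constructed, and the parser assumes whitespace-separated keyword/value lines, that sshd keeps the first value it reads for a keyword, and that Port and AllowUsers lines accumulate.

```python
# Added example: audits sshd_config text for the three settings named in the post.
ACCUMULATE = {"port", "allowusers"}  # assumption: these keywords may repeat and add up

# Constructed sample config (not from the thread); "admin1" is a placeholder user.
SAMPLE = """\
Port 2222
PermitRootLogin no
# The next line is ignored: sshd keeps the first value it reads per keyword.
permitrootlogin yes
AllowUsers admin1
Match Address 192.168.1.0/24
    PermitRootLogin yes
"""

def parse(text):
    """Split config into global settings and settings under any Match block."""
    glob, matched, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        kw, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if kw == "match":
            in_match = True          # everything after this is conditional
        elif in_match:
            matched.append((kw, args))
        elif kw in ACCUMULATE:
            glob.setdefault(kw, []).extend(args)
        elif kw not in glob:         # first value wins for other keywords
            glob[kw] = args
    return glob, matched

def audit(text):
    """Return a list of findings; an empty list means all checks pass."""
    glob, matched = parse(text)
    findings = []
    if glob.get("permitrootlogin", ["unset"])[:1] != ["no"]:
        findings.append("root login not disabled globally")
    if not glob.get("allowusers"):
        findings.append("no AllowUsers list")
    if "22" in glob.get("port", ["22"]):
        findings.append("listening on default port 22")
    if any(kw == "permitrootlogin" and args[:1] != ["no"] for kw, args in matched):
        findings.append("a Match block re-enables root login")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check; the parser here only reads the file text.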

