how to restrict web browsing in the local lan

qmesbah · 09-11-2003, 03:05 AM

i have 2 interface in my server local (192.168.0.1) & internet (Ethernet with real IP). services in the server are proxy, dns, web, mail. using ipchain as firewall. any one can help me to solve these problem -

1. how can i restrict some of my local user only from web browsing, but he will be able to send and receive mail.

2. how can i restrict some of my local user to send external mail but shloud be able to send internally and receive both internal nad external mail, i use sendmail.

phoeniXflame · 09-11-2003, 06:23 AM

Firstly I'd recommend upgrading your kernel as Iptables are now the prefered method of filtering, secondly, just write 2 rules to block incomming packets to your blocked users ip address with a source port of 80 (and 8080 to stop proxys)

qmesbah · 09-12-2003, 11:12 PM

thanks phoeniXflame

ppuru · 09-13-2003, 06:23 AM

qmesbah-moshai

What flavour and version of liGNUx do you use?

iptables is currently preferred over ipchains.

if you are using kernel 2.4, you can use iptables.

You had mentioned proxy in your post. I assume you are using SQUID. You can control web browsing using acls in squid.

qmesbah · 09-14-2003, 12:15 AM

thanks ppuru.
yeah 2.4 & squid.
i got the solution of my first question.
can any one help me to solve the second one.

unSpawn · 09-16-2003, 07:59 AM

2. how can i restrict some of my local user to send external mail but shloud be able to send internally and receive both internal nad external mail, i use sendmail.
Controlled relaying, I guess. Search LQ and Sendmail.org for posts/docs on relaying. After you've read those, adjust your /etc/mail config files, try, test, and post if any errors/questions occur.