LinuxQuestions.org

Linux - Security: Permit access to only one website from a station in the internal network (https://www.linuxquestions.org/questions/linux-security-4/permit-access-to-only-one-website-from-a-station-in-the-internal-network-182576/)

rocordial 06-06-2004 01:31 AM

If you are using masquerading try using the FORWARD channel instead of INPUT.

The rules are:

iptables -A FORWARD -p tcp -s 192.168.1.5 -d 206.132.214.10 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.1.5 -d 207.218.164.15 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.1.5 -j DROP

I think this should work if you have a fixed address assigned on your son's computer and you are not using a proxy.

fuzzie 06-06-2004 02:12 AM

Wow! The simplest things sometimes...
FORWARD fixed it!

Thanks for all your help.

fuzzie 06-06-2004 08:33 AM

Well, it works to block, but not for my wife.
The targeted computer uses WinXP. I hardcoded her IP under her login to a different IP and she could go anywhere.
But when I rebooted and went into my son's account, he had the hard-coded IP, not the DHCP IP, so he could go anywhere.

So I need to find a way to assign an IP depending on which account is logged on.

Any ideas?

rocordial 06-06-2004 10:34 AM

I suggest running scripts for each user profile on your XP computer. Those scripts will assign a different static IP for each user that logs in.

I'm not good at Windows scripting but here is a script that claims to do just that:

http://www.enterpriseitplanet.com/re...le.php/3082511

If you solved this let me know some details :)

P.S. At the end of that script insert an "end if". On my computer that script didn't find the SWbemLocator object. Maybe it should be installed from Microsoft.

fuzzie 06-06-2004 02:51 PM

I've never used cscript....can you point me to some help on that?

fuzzie 06-06-2004 06:58 PM

I was able to do it (thanks to CPLUG Lisa) with a batch file in All Users startup:
@echo off
if "%username%" == "wife" GOTO :wife
echo "NOT wife"
netsh interface ip set address "Local Area Connection" static 192.168.XXX.XXX 255.255.255.0 192.168.XXX.XXX 1
GOTO :end
:wife
echo "wife"
netsh interface ip set address "Local Area Connection" static 192.168.xxx.yyy 255.255.255.0 192.168.xxx.xxx 1
:end

If anyone other than wife logs on, they get the restricted IP; each approved internet site must be in the firewall script. If it is not, no page loads... someday I will try to make a default page load saying, "Access Restricted....see Dad"

Wife can go anywhere...for now!
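
The firewall script described in the last post, where every approved site has to be listed, sketched as an added example (not code from any poster in this thread): it prints the FORWARD rules posted earlier, grouped in a dedicated chain so the list can be edited and re-applied. The chain name RESTRICT and the function names are assumptions; the addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands only.
CHAIN=RESTRICT   # assumed chain name

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_rules HOST DEST...  Validate every address first, then print the
# commands that confine HOST's forwarded TCP traffic to the DEST list.
build_rules() {
    host=$1
    [ "$#" -ge 2 ] || { echo "usage: build_rules HOST DEST..." >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    shift
    # Create the chain, or empty it if it already exists, so a re-run
    # replaces the old list instead of appending to it.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for dest in "$@"; do
        echo "iptables -A $CHAIN -p tcp -d $dest -j ACCEPT"
    done
    # As in the posted rules, the final DROP covers TCP only and must
    # come after every ACCEPT.
    echo "iptables -A $CHAIN -p tcp -j DROP"
    # Send the host's traffic through the chain exactly once.
    echo "iptables -C FORWARD -s $host -j $CHAIN 2>/dev/null ||" \
         "iptables -I FORWARD 1 -s $host -j $CHAIN"
}

# Constructed run with the addresses quoted in the thread.
build_rules 192.168.1.5 206.132.214.10 207.218.164.15
```

Review the printed commands, then pipe them to sh as root on the gateway to apply them.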


All times are GMT -5.