SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need to restrict certain websites from my children (myspace, xanga, etc.). My daughter, in order to keep me from modifying her blog accounts, has set up 'hidden' e-mail addresses (yahoo and others).
I am currently using Slackware 10.0 on a home machine with dial-up service. Mozilla, firefox and konqueror are the web browsers installed on my machine.
A quick search through LQ pulls up squid as a possible solution. However, it seems the squid recommendations are dealing with network setups, not necessarily for dial-ups.
Has anyone tried using squid in an application like mine? Does anyone have any other solutions to restrict web sites?
Squid does allow you to restrict which web-sites are viewable. It works fine when the other people using it are on their own PCs and have to go through the Linux box to the internet. You can restrict forwarded ports (using iptables) and set it up so that client PCs have to go through Squid. You can also use transparent proxying so that no setup is required on the client PCs.
The only down side is when people are browsing from the Linux box that Squid is installed on. They can change the browser's proxy setting back to being a direct connection to the internet. Direct access to web ports from the Linux box is necessary so that Squid can retrieve pages and as far as I know trying to set up transparent proxying doesn't work properly on the local host.
one thing you could do (although it's WAY less effective than a transparent proxy) is set squid on the localhost like normal (non-transparent) and then find some kinda internet-cafe/kiosk extension for firefox which prevents the user from changing the browser's settings and stuff... so basically you'd set firefox to use squid on the localhost, then password protect firefox's settings (i'd also uninstall/disable mozilla and konqueror)... there's a "kiosk browsing" category at the firefox extension website - that might be a good place to find something like this...
The uniform and standard way to go about it is to have a firewall sitting just before your internet exit point. You restrict the outgoing internet traffic (0.0.0.0) to originate from your squid machine. On the squid you impose whatever rules necessary. Now your lan is locked down. In case if users decide to pull a fast one and switch off the proxy setting, they wont get anywhere.
Ah... I had lost track of this thread.
After having read it a couple of weeks ago, I tried to apply the knowledge I gained with another thread about transparent proxying on a LAN to the situation of a single Linux desktop machine (no LAN, no Linux gateway), and this is the article I wrote about it:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
...
re: restricting access
