Linux-Noob Forums
Internet Access - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: Internet Access (/thread-2566.html)



Internet Access - xDamox - 2005-07-05


Hi,

 

I was curious on how you could limit users surfing the Internet, I found KobrAs's guide useful :)

I setup a group called Internet and assigned users to it and apply this to my iptable

 



Code:
iptables -t filter -A OUTPUT -p tcp -dport 80 --match owner --gid-owner 501 -j DROP




 

This worked great, but I was wondering if you had your users logging in all over your network

using LDAP, How could you make these rules apply still?




Internet Access - anyweb - 2005-07-06


Quote:I found KobrAs's guide useful
 

which guide is that ? i'd like to read it

 

cheers

 

anyweb




Internet Access - xDamox - 2005-07-06


[/url][url=<___base_url___>/index.php...&hl=MySQL+block][/url][url=<___base_url___>/index.php...&hl=MySQL+block]https://www.linux-noob.com/forums/index.php...&hl=MySQL+block



Internet Access - znx - 2005-07-10


Quote:Hi, 

I was curious on how you could limit users surfing the Internet, I found KobrAs's guide useful  :)

I setup a group called Internet and assigned users to it and apply this to my iptable

 



Code:
iptables -t filter -A OUTPUT -p tcp -dport 80 --match owner --gid-owner 501 -j DROP

<div>


 

This worked great, but I was wondering if you had your users logging in all over your network

using LDAP, How could you make these rules apply still?

</div>
 

[img]<___base_url___>/uploads/emoticons/default_dry.png[/img] .. how about proxy the users... and only allow the proxy through?




Internet Access - xDamox - 2005-07-11

Yea, I been told there is a proxy enviroment varable which I can set.



Internet Access - hijinks - 2005-07-11

no you want to setup a proxy for your clients to get through.. for example you drop all outbound traffic on port 80 on your firewall but from your proxy machine. Then load up squid on it and you can have people login in order to get access to the web.. then i think in squid you can do some sort of QOS and traffic shaping



Internet Access - xDamox - 2005-07-11

yea I was looking at squid hijinks, I may have a go at messing with it