Koozali.org: home of the SME Server

ban certain users internet access

sander

ban certain users internet access
« on: January 18, 2002, 02:56:05 PM »
I would like to ban certain users' internet access.
The server is 4.1.1.

How can I do that?

Can I ban a MAC address?
Or do I have to ban IP address(es)?

Please help.

sander

P. Schepers

Re: ban certain users internet access
« Reply #1 on: January 19, 2002, 02:11:46 AM »
It's already discussed.

Use authentication, here's a very nice one.
It provides authentication based on NCSA.

Just install e-smith-squid-0.2-6.i386.rpm.

Follow this URL:
http://perso.wanadoo.fr/mcas/fetchmail.html

Kelvin

Re: ban certain users internet access
« Reply #2 on: January 19, 2002, 11:48:20 AM »
Be careful when using this method. I have tried it and have had problems because there are certain web sites that don't quite work if you enable proxy (but work just fine when you turn off proxies). But, if you use this module, you MUST use proxies in order to access the net.

What I wish for (and quite a few others I have spoken to as well), is some way to block access to the internet based on the MAC address of the NIC of the PC to be blocked. IP address is OK but not good enough as anyone with a little knowledge can change his IP address and possibly find one that has access. Much harder to change his MAC address.

Taken a little further, the Internet Access Control List could also specify which common internet services to allow / disallow (i.e. Web access, Mail access, FTP, etc), a feature that has been around in simple hardware internet sharing devices for a very long time.

Kelvin

sander

Re: ban certain users internet access
« Reply #3 on: January 19, 2002, 07:48:40 PM »
> Taken a little further, the Internet Access Control List
> could also specify which common internet services to allow /
> disallow (i.e. Web access, Mail access, FTP, etc), a feature
> that has been around in simple hardware internet sharing
> devices for a very long time.

I did not think that far ahead, but these features would be very nice.

Maybe they could include this feature in a new version of SME?

As I don't know what kind of new features there are in 5.1, I am not eager to upgrade, as 5.0 is working just fine. But with this feature I wouldn't think twice about upgrading.

Maybe you could post an rpm for earlier versions of e-smith, e.g. 4.1.x?

sander

John Trombly

Re: ban certain users internet access
« Reply #4 on: January 23, 2002, 05:27:51 AM »
It really sounds like this is a job for IPCHAINS. I have found and used (prior to e-smith) a utility called pmfirewall. You can look/download this from
http://www.pmfirewall.com/

If I do not get a better way of blocking traffic on the local lan side (bound for internet) I will see if I can sneak this into the e-smith system.

The way I used it before was a simple on/off switch for each IP. If you are using DHCP, you can pre-set IP addresses to match NIC ids, but if their system does not ask for the DHCP then there is nothing I yet know of that will force usage rules via pmfirewall.

I already posted another message prior to seeing this one.
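
The per-IP on/off approach from the last reply, written as raw ipchains rules with a default deny for LAN addresses that have no DHCP reservation, so that a PC skipping DHCP and picking an unlisted address is still blocked. This is an added example, not part of the thread and not pmfirewall's or e-smith's own configuration; the network, addresses, MACs and the chain name `lanacl` are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: dry run that prints ipchains commands; it does not touch the firewall.
# Network, addresses, MACs and the chain name are constructed for illustration.

LAN_NET="192.168.1.0/24"   # assumed local network behind the server
CHAIN="lanacl"             # hypothetical user-defined chain (ipchains names: max 8 chars)

# Constructed table: NIC MAC, IP reserved for it in DHCP, policy (allow|deny).
# The MAC column documents the DHCP reservation; ipchains itself matches on IP only.
RESERVATIONS="
00:10:5a:aa:bb:01 192.168.1.10 allow
00:10:5a:aa:bb:02 192.168.1.11 deny
00:10:5a:aa:bb:03 192.168.1.12 allow
"

gen_rules() {
    # Send all forwarded LAN traffic through a dedicated chain first.
    echo "ipchains -N $CHAIN"
    echo "ipchains -I forward 1 -s $LAN_NET -j $CHAIN"

    echo "$RESERVATIONS" | while read -r mac ip policy; do
        [ -n "$mac" ] || continue          # skip blank lines
        case "$policy" in
            # RETURN hands the packet back to the existing forward rules.
            allow) echo "ipchains -A $CHAIN -s $ip -j RETURN" ;;
            # DENY drops it; -l logs the attempt to syslog.
            deny)  echo "ipchains -A $CHAIN -s $ip -j DENY -l" ;;
            *)     echo "# skipped $mac: unknown policy '$policy'" ;;
        esac
    done

    # Any LAN address without a reservation (e.g. a hand-configured static IP)
    # falls through to here and is dropped and logged.
    echo "ipchains -A $CHAIN -j DENY -l"
}

gen_rules
```

A PC that takes over an allowed host's address still passes, which is the IP-changing weakness raised earlier in the thread. Requests made through a proxy running on the server itself are not forwarded traffic, so they never reach this chain.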