Koozali.org: home of the SME Server

Proxy access for selected users

darren

Proxy access for selected users
« on: February 14, 2003, 11:06:42 AM »
Proxy access for selected users with no requirement to enter a username or password.
Just a page in the server manager to say access to web yes or no.

Cyrus Bharda

Re: Proxy access for selected users
« Reply #1 on: February 17, 2003, 01:33:37 AM »
What version of SME?

I use 5.5 U3 and have installed the 5.5 version of the squid password protection from here:

http://www.e-smith.dyndns.org/

Plus I use an added module for it so that I can specify certain IPs to get access out, so I put everyone on the DHCP except for the ones that I want to give net access no matter what and give them static IPs and set those IPs in the server manager.

I can email you the module, but you have to be familiar with expanding templates to use it.

Cyrus Bharda

Joao Bento

Re: Proxy access for selected users
« Reply #2 on: April 01, 2003, 04:32:58 PM »
Hello Cyrus, the squidproxy password would be great if it blocked all net access, not only web access. Even if the user hasn't a password, he still can use irc, netmeeting or other client apps.

João

Cyrus Bharda

Re: Proxy access for selected users
« Reply #3 on: April 02, 2003, 02:43:34 AM »
Joao,

Yeah, that would be nice, but irc and netmeeting do not use the proxy as they use certain ports. To block them I had made a list of known ports, like 6667 6666 for irc and others for IM programs and P2P programs, and just used a port blocking rpm to close them. I know users can then change the port that the certain program uses, but that would be only a minority of users and thus discourages the average user from using such programs.

That is the only solution I could think of and it has worked. Also, I get called around a lot to users' computers and then I do a manual check of installed programs, but this is not a problem on Windows 2000 machines as I just set the domain policy to disallow the installation of programs.

There is probably a better way of tackling this problem, I am just suggesting what worked for me, good luck!

Cyrus Bharda

Bill Talcott

Re: Proxy access for selected users
« Reply #4 on: April 03, 2003, 07:51:07 PM »
darren wrote:
>
> Proxy access for selected users with no requirement to enter
> a username or password.
> just a page in the server manager to say access to web yes or
> no.

I'm not sure exactly what you want. You state that you want to block proxy access, then state that you don't want to block just proxy access. You want to block certain users but not others, but you don't want them to have to login (which makes it hard to tell which user it is).

It's not very friendly to manage, but you should be able to set up ipchains/iptables rules to block certain IP addresses from making external connections if that's all you want.

I would like to see a nice panel for managing firewall rules. Our old NetWinder OfficeServer had that...
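
The per-IP approach suggested in the reply above, sketched as an added example that is not part of the thread or of SME Server itself: a script that prints (does not apply) iptables FORWARD rules letting only listed static IPs make forwarded connections, which also covers non-proxied traffic such as IRC. The interface name, LAN range and addresses are constructed assumptions, and the script does not integrate with SME's own firewall templates.

```shell
#!/bin/sh
# Added example: print iptables rules for an allowlist of LAN hosts.
# LAN_IF, LAN_NET and all addresses are constructed, assumed values.
LAN_IF="eth0"
LAN_NET="192.168.1.0/24"

# Accept only a dotted-quad IPv4 address with each octet in 0-255,
# so nothing but a plain address ever reaches a generated rule.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print rules: allow reply traffic, allow each valid listed host,
# then drop everything else coming from the LAN.
gen_rules() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        if valid_ip "$ip"; then
            echo "iptables -A FORWARD -i $LAN_IF -s $ip -j ACCEPT"
        else
            echo "# skipped invalid entry: $ip" >&2
        fi
    done
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -j DROP"
}

# Sample run with two constructed static addresses.
gen_rules 192.168.1.10 192.168.1.11
```

Source addresses can be changed by a client on the same LAN, so this is an access convenience rather than authentication.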

Joao Bento

Re: Proxy access for selected users
« Reply #5 on: April 04, 2003, 12:43:06 PM »
Thanks, Cyrus, for your answer. My wish is not to block those ports.

I use SME server as an internet server/gateway to a wireless LAN accessing a DSL line. So, anyone near my Access Point can get the LAN. I just want to give access to those who subscribed with no limitation of usage, but don't want unsubscribed people to use the gateway to get net access to their e-mail or other apps not blocked by squidproxy.

There's a really great authentication software called NoCat but until now I haven't been able to install it on SME. If anyone of the SME community has done it, please show me a howto.

Regards,
João

Bill Talcott

MAC access list?
« Reply #6 on: April 04, 2003, 08:25:06 PM »
Hmmm, maybe add MAC access lists in SME? The wireless AP should have a MAC access list that you could use, but it might be a handy feature to have in SME too, for people using it as an ISP of sorts.

Joao Bento

Re: MAC access list?
« Reply #7 on: April 08, 2003, 08:13:59 PM »
Yes, the Access Point manages a MAC address list, that's what I use for now.