Topic: Allow some IP to access internet

[MasterSleepy]

Hello,

Some time ago, I write a howto to restrict internet access to some IP on the local network.
That howto was not really the best solution.
So I write a contrib with a new screen in the server-manager to manage that.

You can find it here :
http://vanhees.homeip.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=136&ttitle=e-smith-squid-restrict-ip-0.1-1.noarch.rpm

Regards,
MasterSleepy.

[MasterSleepy]

I'm afraid I forgot to say that this package works for SME 5.6 and 6.0b3

[Byte]

Hi,

Thanks - I will check it out, sure most people will want something like this...

Again good work

Byte

[Tor Tveitane]

MasterSleepy wrote:
> So I write a contrib with a new screen in the server-manager
> to manage that.

Hi,

Thanks for the contrib.  Do you have any plans to add time restrictions also (work hours, off-work and weekends)?

Thanks anyway

rgds

Tor

[MasterSleepy]

That is a good idea,
I will seen what I can do.

rgds

[Arno]

sounds good, ill check it out this afternoon.
What about this,
instead of give the ips acces 2 the internet u disable the acces.
so for example,
i run a sme gateway.
the whole network can acces internet via the sme gateway.
now i wanna block some ips to the internet via the server-manager.

[Harald van Buel]

That is a great contrib, thanks !
Did you ever consider to not do this by IP address but by username ?
I would be so great to grant some users internet access and some users not.

[Jimbo]

I have somthing similar a friend wrote me using squid acls to link in
with activedirectory users and alow only a predefined list of users
access. If you like I could post the info.

[Mats Karlsson]

Please post it !


Regards
Mats

[Jimbo]

If you need any further info, I shall try and help.

Jimbo

#
# Auth program defined below. By Cenk Ozkan
#
auth_param basic program /usr/lib/squid/msnt_auth
auth_param basic children 5
auth_param basic realm Iwall
auth_param basic credentialsttl 2 hours
acl authusers proxy_auth REQUIRED

acl all src 192.168.100.0/255.255.255.0

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only allow Authenticated users
#
http_access allow authusers
icp_access allow authusers

[Tor Tveitane]

Mastersleepy,

When I tried to uninstall your rpm I got a 'file not found error--'

Shouldn't it work by rpm -e ?

Tor

[Byte]

rpm -e e-smith-squid-restrict-ip

[MasterSleepy]

Hy,
First to make sure of correct name of rpm you want to uninstall,
make a
rpm -qa|grep squid-restrict
that command will give you the correct name.
After rpm -e ...

rgds,
MasterSleepy.
http://vanhees.homeip.net

[Jim Danvers]

Guys....

Am I missing something here?  I'm running 6.0b3, two users inside of the sme box, both getting ip's from dhcp server ( not sme though - nt box - thats another story ).  I installed this contrib, and ~nothing~ appears to be happening..   I am just happily surfing away like its no-bodies business from both boxes.  Does the contrib only wotk w/static addresses - am I supposed to configure something?  I'm testing this here - sort of a playground that I have.  If I could get this to do what I ~think~ it is supposed to do (NOT allow certain IP'd machines out the door - yes?) then I might have to talk to my wife and we can maybe consider letting the boys each have a computer in thier rooms after all....   one is 13, the other 16.  Would you let them have web access un-attended?  lol!!