Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: dmajwool on September 07, 2004, 11:38:09 AM

Title: Restrict gateway to logged on users
Post by: dmajwool on September 07, 2004, 11:38:09 AM

Currently, my 6.0 Server-Gateway gives internet connections to workstations that are not logged on.

Is it possible to restrict the gateway to authenticated users?

Thanks

David

Title: Restrict gateway to logged on users
Post by: raem on September 10, 2004, 05:56:05 PM

Dansguardian can block workstatioons by IP, and if you use user authentication you can also filter by user.
Put the w/s IP you want to block access to the Internet from , into
/etc/dansguardian/bannediplist

Read more in the howto and elsewhere about filtering on users in conjunction with authentication.

Title: Restrict gateway to logged on users
Post by: raem on September 10, 2004, 05:56:40 PM

see howto here
http://www.ibiblio.org/pub/Linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/dansguardian%20instal%20&%20configure%20HOWTO%20for%20sme%20server.htm

Title: Restrict gateway to logged on users
Post by: dmajwool on September 12, 2004, 05:01:10 PM

Thanks for the reply, Ray.

I couldn't connect to the link you gave, www.ibiblio.org could not be resolved here, so here is some additional info.

My application is that the SME server/gateway is in a building with some staff computers and some spare RJ45 sockets that exist in offices that clients hire by the week.

We provide a separate Wi-Fi network with a separate dsl connection for our visiting clients to use for internet browsing, but some of these clients plug into our main network instead.

If I could configure the SME to require a logon before it offered a gateway, then I think these clients would soon get bored and assume the RJ45 sockets don't work.

You suggest filtering by ip address, but I cannot predict the ip's that these clients' machines will use - either because of DHCP or because they are free to choose any ip they fancy.

Is DansGuardian still your recommendation for this scenario, or is there another solution?

Many thanks

David

Title: Restrict gateway to logged on users
Post by: raem on September 12, 2004, 05:49:34 PM

In that situation I think you can use Dansguardian differently.
Set up a blanket block of all sites (meaning no-one can access the Internet) and then allow access to only workstations on your network. I assume you will know the IPs for those machines.
The end result will mean w/s with unknown (ie unlisted) IPs are blocked.

Keep in mind though that Dansguardian will not do any content filtering for the allowed IP workstations, but that's not the reason you are using it anyway.

In bannedsitelist add **
eg  
#Blanket Block.  To block all sites except those in the
#exceptionsitelist file remove the # from the next line to leave
#only a '**':
#**

Add allowed IPs to exceptioniplist

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/dansguardian%20instal%20&%20configure%20HOWTO%20for%20sme%20server.htm

Title: Restrict gateway to logged on users
Post by: dmajwool on September 12, 2004, 10:01:02 PM

Many thanks Ray

I'll download DG and see how it works for us

David