Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: MasterSleepy on November 18, 2003, 06:52:08 PM
-
Hello,
Some time ago, I write a howto to restrict internet access to some IP on the local network.
That howto was not really the best solution.
So I write a contrib with a new screen in the server-manager to manage that.
You can find it here :
http://vanhees.homeip.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=136&ttitle=e-smith-squid-restrict-ip-0.1-1.noarch.rpm
Regards,
MasterSleepy.
-
I'm afraid I forgot to say that this package works for SME 5.6 and 6.0b3
-
Hi,
Thanks - I will check it out, sure most people will want something like this...
Again good work :-)
Byte
-
MasterSleepy wrote:
> So I write a contrib with a new screen in the server-manager
> to manage that.
Hi,
Thanks for the contrib. Do you have any plans to add time restrictions also (work hours, off-work and weekends)?
Thanks anyway
rgds
Tor
-
That is a good idea,
I will seen what I can do.
rgds
-
sounds good, ill check it out this afternoon.
What about this,
instead of give the ips acces 2 the internet u disable the acces.
so for example,
i run a sme gateway.
the whole network can acces internet via the sme gateway.
now i wanna block some ips to the internet via the server-manager.
-
That is a great contrib, thanks !
Did you ever consider to not do this by IP address but by username ?
I would be so great to grant some users internet access and some users not.
-
I have somthing similar a friend wrote me using squid acls to link in
with activedirectory users and alow only a predefined list of users
access. If you like I could post the info.
-
Please post it !
Regards
Mats
-
If you need any further info, I shall try and help.
Jimbo
#
# Auth program defined below. By Cenk Ozkan
#
auth_param basic program /usr/lib/squid/msnt_auth
auth_param basic children 5
auth_param basic realm Iwall
auth_param basic credentialsttl 2 hours
acl authusers proxy_auth REQUIRED
acl all src 192.168.100.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only allow Authenticated users
#
http_access allow authusers
icp_access allow authusers
-
Mastersleepy,
When I tried to uninstall your rpm I got a 'file not found error--'
Shouldn't it work by rpm -e ?
Tor
-
rpm -e e-smith-squid-restrict-ip
-
Hy,
First to make sure of correct name of rpm you want to uninstall,
make a
rpm -qa|grep squid-restrict
that command will give you the correct name.
After rpm -e ...
rgds,
MasterSleepy.
http://vanhees.homeip.net
-
Guys....
Am I missing something here? I'm running 6.0b3, two users inside of the sme box, both getting ip's from dhcp server ( not sme though - nt box - thats another story ). I installed this contrib, and ~nothing~ appears to be happening.. I am just happily surfing away like its no-bodies business from both boxes. Does the contrib only wotk w/static addresses - am I supposed to configure something? I'm testing this here - sort of a playground that I have. If I could get this to do what I ~think~ it is supposed to do (NOT allow certain IP'd machines out the door - yes?) then I might have to talk to my wife and we can maybe consider letting the boys each have a computer in thier rooms after all.... one is 13, the other 16. Would you let them have web access un-attended? lol!!