[SGVLUG] Preventing certain Machines from Internet

Sean O'Donnell sean at seanodonnell.com
Mon Nov 5 16:13:33 PST 2007


dhcpd (or dnsmasq) + iptables + ip_forward = done;

I have some pretty old notes here on my site about setting up such a
configuration, although it really needs to be updated/rewritten. The
examples should work though, despite it all.

Configuring a NAT Firewall/Router
http://seanodonnell.com/code/?id=44

Configuring a DHCP Server w/ Multiple Subnets on Linux
http://www.seanodonnell.com/code/?id=43

These are very dated and poorly written. You'll also need to configure
'ifconfig' properly, which I don't think is mentioned in there either.

I know I need to revise these, but that should give you a simple example.
Think of it more as a kick in the right direction, rather than an
all-inclusive answer to your question. You'll of course need to make
modifications so that it works to your requirements.

PS: I would suggest using switches, rather than hubs.

-Sean

Arthur Baldwin wrote:
> I was wondering if anyone knows of an existing project where the
> following can be achieved:
>  
> List of hardware:
>  
> two 8 port hubs
> one fairly new IBM compatible PC with two NICs (acting as filter)
> one DSL Modem and connection
> 8 IBM compatible workstations
>  
> Notes:  From one of the workstations, be able to limit the access on any
> number of the 8 workstations so that Internet access would be completely
> excluded.  All this without affecting the browse-ability of other
> workstations on the LAN (with File sharing and Printer sharing).  The
> machine names and IP Addresses would be known.
>  
> I think that this type of software would fill a very common need in very
> small businesses (less than 10 employees).
>  
> Any ideas?
>  
> Arthur
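
One way to write the iptables + ip_forward part of the setup discussed in this thread, as an added example that is not from the original post or the linked notes. The interface names (eth0 toward the DSL modem, eth1 toward the LAN), the 192.168.1.0/24 subnet and the workstation addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands for the two-NIC filter PC.
# Assumed names: eth0 = DSL side, eth1 = LAN side, 192.168.1.0/24 = LAN subnet.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255,
# so nothing else can end up inside a generated command line.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set; every argument is a workstation IP that gets no Internet.
# Workstation-to-workstation traffic stays on the LAN segment and never enters
# the FORWARD chain, so file and printer sharing are not affected.
gen_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Blocked hosts go first: iptables acts on the first rule that matches.
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j DROP"
    done
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything not explicitly allowed above is not routed.
    echo "iptables -P FORWARD DROP"
}

# Constructed sample call: sh block.sh 192.168.1.13 192.168.1.17
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Review the printed commands, then run them as root on the filter PC (block.sh is a hypothetical file name). Source-address rules only hold while each workstation keeps its known address, for example through fixed host entries in dhcpd.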
