[SGVLUG] Preventing certain Machines from Internet
Sean O'Donnell
sean at seanodonnell.com
Mon Nov 5 16:13:33 PST 2007
dhcpd (or dnsmasq) + iptables + ip_forward = done;
I have some pretty old notes here on my site about setting up such a
configuration, although it really needs to be updated/rewritten. The
examples should work though, despite et all.
Configuring a NAT Firewall/Router
http://seanodonnell.com/code/?id=44
Configuring a DHCP Server w/ Multiple Subnets on Linux
http://www.seanodonnell.com/code/?id=43
These are very dated and poorly written. You'll also need to configure
'ifconfig' properly, which I don't think is mentioned in there either.
I know I need to revise these, but that should give you simple example.
Think of it more as a kick in the right direction, rather than an
all-inclusive answer to your question. You'll of coarse need to make
modifications so that it works to your requirements.
PS: I would suggest using switches, rather than hubs.
-Sean
Arthur Baldwin wrote:
> I was wondering if anyone knows of an existing project where the
> following can be acheived:
>
> List of hardware:
>
> two 8 port hubs
> one fairly new IBM compatible PC with two NICs (acting as filter)
> one DSL Modem and connection
> 8 IBM compatible workstations
>
> Notes: From one of the workstations, be able to limit the access on any
> number of the 8 workstations so that Internet access would be completely
> excluded. All this without affecting the browse-ability of other
> workstations on the LAN (with File sharing and Printer sharing). The
> machine names and IP Addresses would be known.
>
> I think that this type of software would fill a very common need in very
> small businesses (less than 10 employees).
>
> Any ideas?
>
> Arthur
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
More information about the SGVLUG
mailing list