[SGVLUG] Preventing certain Machines from Internet
Charles Wyble
charles at thewybles.com
Wed Nov 7 06:18:10 PST 2007
Wrt54gl+ddwrt+samba will get fairly close to this.
-----Original Message-----
From: Arthur Baldwin <eengnerd at yahoo.com>
Date: Tue, 6 Nov 2007 18:14:22
To:"SGVLUG Discussion List." <sgvlug at sgvlug.net>
Subject: Re: [SGVLUG] Preventing certain Machines from Internet
Thank you very much for your feedback, everyone! I was hoping to find a ¨router project¨ where they have a ¨remote interface¨ that would make it easy for inexperienced users to control the gateway machine from any workstation. Ideally, the GUI interface would allow the user to just click on an icon, representing each currently turned on workstation, in order to ¨toggle¨ the internet access. An incidental need (that I just discovered today) is for the gateway machine to also act as a WINS server.
Arthur
----- Original Message ----
From: Sean O'Donnell <sean at seanodonnell.com>
To: SGVLUG Discussion List. <sgvlug at sgvlug.net>
Sent: Monday, November 5, 2007 4:13:33 PM
Subject: Re: [SGVLUG] Preventing certain Machines from Internet
dhcpd (or dnsmasq) + iptables + ip_forward = done;
I have some pretty old notes here on my site about setting up such a
configuration, although it really needs to be updated/rewritten. The
examples should work though, despite et all.
Configuring a NAT Firewall/Router
http://seanodonnell.com/code/?id=44 <http://seanodonnell.com/code/?id=44>
Configuring a DHCP Server w/ Multiple Subnets on Linux
http://www.seanodonnell.com/code/?id=43 <http://www.seanodonnell.com/code/?id=43>
These are very dated and poorly written. You'll also need to configure
'ifconfig' properly, which I don't think is mentioned in there either.
I know I need to revise these, but that should give you simple example.
Think of it more as a kick in the right direction, rather than an
all-inclusive answer to your question. You'll of coarse need to make
modifications so that it works to your requirements.
PS: I would suggest using switches, rather than hubs.
-Sean
Arthur Baldwin wrote:
> I was wondering if anyone knows of an existing project where the
> following can be acheived:
>
> List of hardware:
>
> two 8 port hubs
> one fairly new IBM compatible PC with two NICs (acting as filter)
> one DSL Modem and connection
> 8 IBM compatible workstations
>
> Notes: From one of the workstations, be able to limit the access on any
> number of the 8 workstations so that Internet access would be completely
> excluded. All this without affecting the browse-ability of other
> workstations on the LAN (with File sharing and Printer sharing). The
> machine names and IP Addresses would be known.
>
> I think that this type of software would fill a very common need in very
> small businesses (less than 10 employees).
>
> Any ideas?
>
> Arthur
>
>__________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com <http://mail.yahoo.com>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the SGVLUG
mailing list