[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Restricting Internet Access

To: Tim McDonough <tmcdonough@gmail.com>
Subject: Re: Restricting Internet Access
From: Herbie <technowombat@yahoo.com>
Date: Sun, 19 Jan 2014 14:45:26 -0600 (CST)
Cc: luci-discuss@luci.org
In-Reply-To: <52D9FF4B.4000900@gmail.com>
Organization: Linux Users of Central Illinois
References: <52D9FF4B.4000900@gmail.com>
Reply-To: luci-discuss@luci.org
Sender: luci-discuss-owner@luci.org
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)

I don't know of anything that does that, not because it doesn't exist, 
just I haven't heard of it, but it sounds close enough to bits and pieces 
that you could surely do it with a webserver, iptables and a bit of PHP.

All you'd need is have that machine sitting between the internal LAN and 
the external router, the user has to surf to the webserver and correctly 
authenticate, and that triggers a routine that pulls the users IP from the 
environmental variables and drops it into iptables NAT'ing that address to 
the outside router.

You'd have to have a cleanup routine that logs people off again after a 
certain amount of time, maybe use the PHP session token time or 
something, but I'm sure if you look at the login routine for 
something like webmail, squirrelmail or whatever and a firewall script you 
could cobble something together.

You'd be able to log whomever logged in and out, you could even track what 
they were surfing to if you had enough disk space.

Or maybe there is an elegant solution out there, just waiting for someone 
else to mention it ;)

h.

On Fri, 17 Jan 2014, Tim McDonough wrote:

> I'm looking for suggestions on how to restrict access to the Internet at one 
> of our work facilities.
>
> It would be simple enough to not allow access at all during certain times of 
> the day but I would prefer if there were a way to require a user to correctly 
> enter a password to be able to access anything outside the local LAN. It's 
> not practical to restrict access to the computers themselves. The shift 
> workers need to use them to access maintenance records, etc.
>
> The on site router is a Sonicwall TZ-100. It is physically secure from 
> tampering and it would be possible to put something else in the same room to 
> sit between it and the rest of the LAN.
>
> Thanks for your input.
>
> Tim
>
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

References:
- Restricting Internet Access
  - From: Tim McDonough <tmcdonough@gmail.com>

Prev by Date: Restricting Internet Access
Next by Date: Adblocking NAT?
Prev by thread: Restricting Internet Access
Next by thread: Re: Restricting Internet Access
Index(es):
- Date
- Thread