Re: How to update iptables to restrict LAN computer Internet?



Ohmster wrote:
I have a linux question please.

Hardware and setup:
Fedora Core 3 OS
PIII 800Mhz
Ti4600 Video Card
1.5Gb SDRAM
80Gb Hard disk
2 NIC; ADSL modem to eth0, eth1 to hub for LAN
Modem is bridged, PPPoE maintains ADSL connection
Firestarter firewall provides ipmasquerading for Internet
samba provides shares from linux box
Acts as a gateway to Internet

3 MS XP Pro machines on hub using file sharing and they get their Internet from the linux gateway machine

One of the XP machines is used by a young teenager and I would like to restrict Internet activity on this machine to certain hours, or else the 17 year old girl will be running 4-6 yahoo chat sessions all night long. This causes problems because no one would be up to supervise this activity and already the young lady has been caught on the phone talking to some of these "cute" strangers and lied about it. Not good, this machine needs Internet for certain hours of the day only.

I can use Firestarter firewall (I use this GUI program in X windows because it is easy to set up and run, and it does provide IP masquerading for all the LAN machines.) to add the kid's machine as 192.168.0.5 and block Internet for the computer. I do not run the linux server/firewall/gateway in run level 5, I run it at run level 3 most all of the time. iptables is a very complicated subject to master and being the only breadwinner for the household, I do not have the time to learn iptables enough to do what I want.

What I need are 2 simple iptables commands that I can tell cron to run at certain times to start and stop ipmasquerading for this machine only (192.168.0.5). One command will append to the current iptables rules to stop Internet from going to and from the machine and another command will remove that rule only and return the iptables rules to their original masquerading state. Then I can add them as cron jobs to automate this process so that when 11:00 PM comes along, the child's Internet connection will stop, regardless if anyone is here to do it and at 6:00 AM, cron will run the other command to allow Internet again to the LAN machine.

Could someone please help with this problem and offer some suggestions of commands that will work? This is pretty important because the alternative is to take away the kid's computer and then she will have nothing for school work or anything else.

Thanks.


I see you got an answer to your question further down here but you may want to consider Dansguardian. Not only can you accomplish what you want to do in terms of limiting access by time of day but also control what is accessed. You can also block the downloading of .exe, .com etc. That is a major help in preventing spyware.

http://dansguardian.org/

Rich Piotrowski
--
"Now are you talking about what it is you know
or just repeating what it was you heard."
Grace Slick
To E-mail use: rpiotro(at)wi(dot)rr(dot)com
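
The two cron-driven commands asked for in the question, as an added example that is not part of the original thread. It assumes the gateway routes LAN traffic through the FORWARD chain; the script path, the function names and the `IPT` override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Time-of-day block for one LAN host on
# an iptables masquerading gateway. Install path below is hypothetical.
#
# root crontab:
#   0 23 * * * /usr/local/sbin/lan-curfew block
#   0 6  * * * /usr/local/sbin/lan-curfew unblock

HOST="${HOST:-192.168.0.5}"   # address given in the question
IPT="${IPT:-iptables}"        # overridable so the logic can be tested without root

# Remove every copy of our two DROP rules. "-D" deletes one matching rule
# per call and fails when none is left, so loop until it fails. This also
# works on old iptables releases that lack the "-C" (check) option.
unblock() {
    while $IPT -D FORWARD -s "$HOST" -j DROP 2>/dev/null; do :; done
    while $IPT -D FORWARD -d "$HOST" -j DROP 2>/dev/null; do :; done
}

# Insert at the head of FORWARD so the DROP is evaluated before the rules
# that accept forwarded LAN traffic. Clearing first makes "block" idempotent:
# a repeated cron run cannot stack duplicates that one "unblock" would miss.
block() {
    unblock
    $IPT -I FORWARD -s "$HOST" -j DROP &&
    $IPT -I FORWARD -d "$HOST" -j DROP
}

case "${1:-}" in
    block)   block ;;
    unblock) unblock ;;
esac
```

Only routed traffic passes through FORWARD, so the host can still reach the Samba shares on the gateway itself while blocked. Anything that reloads the firewall rule set (assumed here to include a Firestarter restart) drops the added rules until the next cron run.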