[TriLUG] limiting Internet access with squid?
jbroome at gmail.com
Mon Mar 19 11:37:40 EDT 2007
On 3/19/07, Greg Brown <gwbrown1 at gmail.com> wrote:
> Problem: I have a client with a small network at a resturant. His computer
> is XP Home so it can't be locked and he would like to restrict Internet
> access (when he isn't there his employees are surfing the web on the office
> computer, going to myspace.com, crap like that. Can squid be set up block
> all request on port 80 and force users to authenticate before passing them
> along? What I'd like is for Paul to have unrestricted access to the
> Internet but his employees to be blocked from going outbound.
> Is this possible with squid? If not, do you have any other ideas?
Here's what we did for a client that had machines on the shop floor
that wanted internet access, but not the WHOLE internet:
use dhcpd to assign the shop machines an ip address based on MAC address
make a list of those ip addys
use PF to rdr those IPs to localhost:3128
run tinyproxy on the firewall, and set up a whitelist of approved sites.
Now they can get to sites they need for work, but don't spend all day
looking at NCAA tourney scores. :)
There are three R's to windows tech support: "Restart, Reboot, Reinstall"
More information about the TriLUG