hi, in a cybercafe setup i have a mandrake server connected to dsl and squid and dhcp. The other machines are a variety of windoze stuff. I would like the facillity of enabling/disabling internet access for specific machines from the server. If i give each windoze machine a specific ip address, this can be done. But the user can always change the ip address in windoze. Any suggestions on how to do it?
Kenneth Gonsalves lawgon@thenilgiris.com writes:
in a cybercafe setup i have a mandrake server connected to dsl and squid and dhcp. The other machines are a variety of windoze stuff. I would like the facillity of enabling/disabling internet access for specific machines from the server. If i give each windoze machine a specific ip address, this can be done. But the user can always change the ip address in windoze. Any suggestions on how to do it?
You can check for the ipaddress - mac address combination using iptables on you GNU/Linux gateway. Dont permit any ip-mac combination which looks like the user has changed the ip.
You can allow/disallow internet (HTTP) connection using squid.conf. however, a better approach would be to use NAT., you can redirect HTTP traffic to squid by running squid as a transparent proxy. This way., your clients would be able to access other protocols such as IRC/SSH/* .. The control is still there.
Kenneth Gonsalves wrote:
hi, in a cybercafe setup i have a mandrake server connected to dsl and squid and dhcp. The other machines are a variety of windoze stuff. I would like the facillity of enabling/disabling internet access for specific machines from the server. If i give each windoze machine a specific ip address, this can be done. But the user can always change the ip address in windoze. Any suggestions on how to do it?
I am also helping a friend of mine to setup a cyber cafe, they want users to be disconnected after an hour's usage. Squid does not have this feature to best of my hacking. Any thought on how to impliment this?
Amish.
On Tuesday 18 Jan 2005 10:55 am, Adil Kodian wrote:
I am also helping a friend of mine to setup a cyber cafe, they want users to be disconnected after an hour's usage. Squid does not have this feature to best of my hacking. Any thought on how to impliment this?
ah well - have you guys heard about cyborg ?
cyborg.sourceforge.net
have you tried it in a production environment - whats your feed back?
On Tue, Jan 18, 2005 at 09:19:33AM +0530, Kenneth Gonsalves wrote:
in a cybercafe setup i have a mandrake server connected to dsl and squid and dhcp. The other machines are a variety of windoze stuff. I would like the facillity of enabling/disabling internet access for specific machines from the server. If i give each windoze machine a specific ip address, this can be done. But the user can always change the ip address in windoze. Any suggestions on how to do it?
As others have said, use the MAC address instead of the IP address. But why do you allow users to surf with Administrator accounts?
On Tue, 18 Jan 2005 06:21:20 -0500, Satya ilugbom@thesatya.com wrote:
On Tue, Jan 18, 2005 at 09:19:33AM +0530, Kenneth Gonsalves wrote:
in a cybercafe setup i have a mandrake server connected to dsl and squid and dhcp. The other machines are a variety of windoze stuff. I would like the facillity of enabling/disabling internet access for specific machines from the server. If i give each windoze machine a specific ip address, this can be done. But the user can always change the ip address in windoze. Any suggestions on how to do it?
As others have said, use the MAC address instead of the IP address. But why do you allow users to surf with Administrator accounts?
Even that is not reliable. If you have administrator account, you can change the MAC address as well on some boxen.
:) cheers Vinayak H
On Tuesday 18 Jan 2005 4:51 pm, Satya wrote:
As others have said, use the MAC address instead of the IP address. But why do you allow users to surf with Administrator accounts?
not users - staff members
On Tue, Jan 18, 2005 at 05:12:55PM +0530, Kenneth Gonsalves wrote:
On Tuesday 18 Jan 2005 4:51 pm, Satya wrote:
As others have said, use the MAC address instead of the IP address. But why do you allow users to surf with Administrator accounts?
not users - staff members
If staff members are changing IP or MAC addresses after being told not to, you have a policy problem.
On Tuesday 18 Jan 2005 5:21 pm, Satya wrote:
On Tue, Jan 18, 2005 at 05:12:55PM +0530, Kenneth Gonsalves wrote:
On Tuesday 18 Jan 2005 4:51 pm, Satya wrote:
As others have said, use the MAC address instead of the IP address. But why do you allow users to surf with Administrator accounts?
not users - staff members
If staff members are changing IP or MAC addresses after being told not to, you have a policy problem.
not my cybercafe - owner is computer illiterate and his staff are taking him for a ride - i (foolishly?) told him that linux will liberate him
Kenneth Gonsalves wrote:
not my cybercafe - owner is computer illiterate and his staff are taking him for a ride - i (foolishly?) told him that linux will liberate him
When I first learnt to use the internet, I went to a small cyber cafe and there the owner though a computer literate, simply used to note in his little book, the time I sat on the comp. and the time I got up and charged me according to 15 minute time slabs.
Regards,
Rony.