Topic: Blocking Computers on the LAN

[Peter]

Is there a way of using the server manager to restrict internet access based on the computer's IP address?  

I have each computer setup with a server assigned static IP.  I don't want to use proxy-auth as every one knows each others password, I want to be able to block certain IPs, but be able to reinstate it without too much hassle (i.e. server manager panel) as this will be more effective at controlling users access.

I have done a quick search but it all appeared to be based on proxy-auth, does something like what I am after exist?

Thanks, Peter

[Bob Todd]

have you checked the squid.org site for ideas?

[David Woolley]

That'll be

http://www.squid-cache.org



David

[Cyrus Bharda]

I use a squid auth rpm from www.e-smith.dyndns.org to block all http/ftp access to certain IP's as well as users, comes in handy incase a person who is blocked just walks over to an unblocked machine, they still need ausername that has access to get access

Cyrus Bharda

[Bob Todd]

Author: David Woolley (audio_AT_editvideo.co.uk)
Date:   11-27-02 12:02

That'll be

http://www.squid-cache.org



David

--------

Now I remember why that looked so odd when I typed squid.org

[Ulises Ruiz]

Here is all that you want....¨for dummys¨

http://www.lth5.k12.il.us/e-smith/

From Barquisimeto, Venezuela

[Eerikki Peltokorpi]

I think that thiss is what you looking for. You need to block access in yours firewall so that some internal ip's range cannot get to outside at all. But i don't know how to put this in yours firewall script. Maybe someone can give you that advice.

Hope that thiss give you a right direction where to look at.



-Eerikki Peltokorpi-

[Kelvin]

Don't know of a Server Manager integrated panel, but sometimes I modify the squid.conf template and explicitly list the IP addresses I want to allow web access to and block all others (only for web access though, other functions not controlled by squid still works). This is messy to say the least but it does work. Would not dream of attempting it on larger networks (really, REALLY messy).

There's also a way to block by MAC address as well but I think on SME 5.1.2, the squid that's there does not support it (but I'm not certain of this).

Kelvin

[calvin]

Try to see this :

http://forums.contribs.org/index.php?topic=15015.msg57590#msg57590

[Ryan]

I have removed internet access from users that have violated our agency rules.  I could not find a quick way to do this with SME, so in Windows 2000 or XP, I simply statically set the gateway on this machine to 10.10.10.10.  The Lan network is 192.168.1.0, so this machine can't get out.  I also block this user from loging on to another machine using the Windows user policy in NT 4 on the PDC.  It is simple and effective, but you have to enter static persistent routes at the Windows command line if this machine must communicate with another remote network that is routed/connected by your SME server.



Ryan