[TriLUG] limiting Internet access with squid?

John Broome jbroome at gmail.com
Mon Mar 19 11:37:40 EDT 2007


On 3/19/07, Greg Brown <gwbrown1 at gmail.com> wrote:
> Problem: I have a client with a small network at a resturant.  His computer
> is XP Home so it can't be locked and he would like to restrict Internet
> access (when he isn't there his employees are surfing the web on the office
> computer, going to myspace.com, crap like that.  Can squid be set up block
> all request on port 80 and force users to authenticate before passing them
> along?  What I'd like is for Paul to have unrestricted access to the
> Internet but his employees to be blocked from going outbound.
>
> Is this possible with squid?  If not, do you have any other ideas?


Here's what we did for a client that had machines on the shop floor
that wanted internet access, but not the WHOLE internet:

use dhcpd to assign the shop machines an ip address based on MAC address
make a list of those ip addys
use PF to rdr those IPs to localhost:3128
run tinyproxy on the firewall, and set up a whitelist of approved sites.

Now they can get to sites they need for work, but don't spend all day
looking at NCAA tourney scores. :)

-- 
There are three R's to windows tech support: "Restart, Reboot, Reinstall"



More information about the TriLUG mailing list