This is a discussion on controlling internet access on Lan by duration within the Linux Networking forums, part of the Linux Forums category.

Hi,

I am thinking of setting up a Linux server on a small LAN. This Linux server will be connected to the internet on a dialup. Win 98 boxes on the LAN will access internet through the Linux box (through proxy? any other alternatives?).

I intend to control internet access for win boxes by duration. For example I've allotted 2 hours to a box, it can only access the net for 2 hours. After that, no access is possible.

Any ideas how to do this? I've looked at some proxies and none of them can do this.

Though I am new to Linux and networking, I can program C/C++/Python etc. So I won't shrink from implementing part of the solution myself.

One advice I was given was to configure squid and ACLs, do tail -f on access.log and process that data. Though I can figure out the bandwidth and access times of the user in this way, I have no way of figuring out when the user stopped using internet to calculate how long he has been using it.

One solution that just came to my mind would be for user to log on to the server (I could implement a small Python server for this). When he is logged on and if his duration has not been exceeded, enable his account in the ACL and start his time. When time is up disable him in ACL. But he will have to log off explicitly when he's done. Logging in and out to be done via a GUI client on the winbox.

hmm... any better solutions?

Thanks,
Ali

M Ali wrote:
> Hi,
>
> I am thinking of setting up a Linux server on a small LAN. This Linux
> server will be connected to the internet on a dialup. Win 98 boxes on
> the LAN will access internet through the Linux box (through proxy? any
> other alternatives?).
>
> I intend to control internet access for win boxes by duration. For
> example I've allotted 2 hours to a box, it can only access the net for
> 2 hours. After that, no access is possible.
>
> Any ideas how to do this? I've looked at some proxies and none of them
> can do this.
>
> Though I am new to Linux and networking, I can program C/C++/Python
> etc. So I won't shrink from implementing part of the solution myself.
>
> One advice I was given was to configure squid and ACLs, do tail -f on
> access.log and process that data. Though I can figure out the
> bandwidth and access times of the user in this way, I have no way of
> figuring out when the user stopped using internet to calculate how
> long he has been using it.
>
> One solution that just came to my mind would be for user to log on to
> the server (I could implement a small Python server for this). When he
> is logged on and if his duration has not been exceeded, enable his
> account in the ACL and start his time. When time is up disable him in
> ACL. But he will have to log off explicitly when he's done. Logging in
> and out to be done via a GUI client on the winbox.
>
> hmm... any better solutions?
>
> Thanks,
> Ali

The logon solution is good. I would go with a web page instead of Windows GUI (easier to maintain).

As for the access control, here is a quick solution.

First edit your server logon page/GUI to do the following:
1) Write the client IP in a new file in a specific location on the server (say /var/webaccess/)
2) Update the server iptables rules to allow the internet access for this IP

Then write a simple bash script that will check the modification time of the files in /var/webaccess and that will deny access to IPs (iptables) if the associated files are older than 2 hours.

Finally you add a simple cron job running every 5 minutes that will call this bash script.

This solution is low-tech and not very sexy, but it will work.

--
LucM
Visit your friends
> www.gnu.org
> www.greenpeace.org
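
The expiry check described in the reply above could look like the following script. It is an added example, not code posted in the thread; it assumes one lease file per client named after its IPv4 address, allow rules of the form "-s IP -j ACCEPT" in the FORWARD chain, and a hypothetical --sweep argument for the cron call.

```shell
#!/bin/sh
# Added example: expiry sweep for the lease files described above.
# Assumptions (not from the thread): one file per client, named after its
# IPv4 address, and allow rules "-s IP -j ACCEPT" in the FORWARD chain.
LEASE_DIR="${LEASE_DIR:-/var/webaccess}"
MAX_MINUTES="${MAX_MINUTES:-120}"   # the 2-hour allotment
IPTABLES="${IPTABLES:-iptables}"    # IPTABLES=echo gives a dry run

# Accept only dotted-quad names, so a stray or malformed filename never
# reaches the iptables command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the name into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the IPs whose lease file was last modified over MAX_MINUTES ago.
expired_ips() {
    find "$LEASE_DIR" -maxdepth 1 -type f -mmin +"$MAX_MINUTES" 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}
        is_ipv4 "$name" && printf '%s\n' "$name"
    done | sort
}

# Remove the allow rule and the lease file for every expired IP.
sweep() {
    for ip in $(expired_ips); do
        # -D deletes the matching rule; a rule that is already gone is ignored.
        "$IPTABLES" -D FORWARD -s "$ip" -j ACCEPT 2>/dev/null || true
        rm -f -- "$LEASE_DIR/$ip"
        printf 'revoked %s\n' "$ip"
    done
}

# Sweep only when asked, e.g. from cron: */5 * * * * /path/to/script --sweep
if [ "${1:-}" = "--sweep" ]; then
    sweep
fi
```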

LucM <lucm@iqato.moc> wrote in message
> The logon solution is good. I would go with a web page instead of
> Windows GUI (easier to maintain).
>
> As for the access control, here is a quick solution.
>
> First edit your server logon page/gui to do the following:
> 1) Write the client IP in a new file in a specific location on the
> server (say /var/webaccess/)
> 2) Update the server iptables rules to allow the internet access for this IP
>
> Then write a simple bash script that will check the modification time of
> the files in /var/webaccess and that will deny access to IPs (iptables)
> if the associated files are older than 2 hours.
>
> Finally you add a simple cron job running every 5 minutes that will call
> this bash script.
>
> This solution is low-tech and not very sexy, but it will work.

Thanks a lot, this was really helpful (I, for myself, like non-complicated solutions as it isn't easy to fudge them up and easier to recover in case of a fudge-up...)