From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Fw: IPTables dynamic routing for school
Date: 07 Apr 2003 18:39:25 +0200
Message-ID: <1049733564.4868.16.camel@raylinux.internal>
In-Reply-To: <OE31nHM3SOlbpH71yEX0000100b@hotmail.com>


Hi

I think you can accomplish this by using Squid ACLs.

You would need to set up Squid (either as a transparent or
non-transparent (opaque?) proxy).
Configure a Squid ACL to use a file.
Have the web application (where students check out assignments) write
the ACL file that Squid requires.

That's it.

Ray


On Wed, 2003-04-02 at 02:31, Danny Patel wrote:
> Hi,
>   Thanks for the awesome packet filtering tool. It has really come in
> handy for our school setup. I have one issue that I am hoping you can
> help me with. After thoroughly researching this issue I can't seem to
> find any solution to the following situation in my school setup:
>  
> The server is Gateway/Firewall
> IPTables ver: 1.2.6
> Kernel: 2.4.18 (Red Hat)
> Cable Modem (with DHCP for external address)
> Internal network: 192.168.1.0/24
> Internal interface: eth0
> External interface: eth1
> Internally we use DHCP service to allocate IPs to the student PCs.
> (192.168.1.0/24)
>  
> Goal of what I am trying to do: When the firewall first starts we
> would like to redirect all HTTP traffic headed to the internet from
> the student PCs to our internal webserver (192.168.1.1) where the
> students are first required to pick an assignment. Once a student
> picks an assignment then we would like to allow only that student's IP
> to access the internet, hence allow his HTTP traffic out to the
> internet. This way we can restrict the students from wasting time and
> allow us to keep records of each student accepting assignments before
> having access to the internet to do the research for the assignment.
>  
> The key here is to only allow those student PCs that have selected an
> assignment access to the internet and redirect all other students to
> our local webserver till they pick an assignment.
>  
> From my current understanding of IPTables it appears that you can only
> do redirection/dnat in the -t nat PREROUTING chain but then this ends
> up applying to all IPs instead of select few.
>  
> Any help is greatly appreciated.
>  
> Thanks in advance
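
One way the web application could write the ACL file suggested in the reply above, as an added example that is not part of the original thread or of Squid itself. The file path, the function names and the squid.conf lines in the comment are assumptions; the addresses come from the setup described in the question.

```python
import ipaddress
import os
import tempfile

# Assumptions (not from the thread): the file path, the function names, and
# the squid.conf lines below, which would consume the file:
#   acl students_ok src "/etc/squid/students_ok.acl"
#   http_access allow students_ok
#   deny_info http://192.168.1.1/ all
#   http_access deny all
STUDENT_NET = ipaddress.ip_network("192.168.1.0/24")   # internal network from the thread
WEBSERVER = ipaddress.ip_address("192.168.1.1")        # assignment server from the thread


def validate_student_ip(text):
    """Return a single host address inside STUDENT_NET, or raise ValueError."""
    # ip_address() rejects "0.0.0.0/0", ranges, hostnames and embedded
    # newlines, so a crafted value cannot widen the ACL or add a second line.
    addr = ipaddress.ip_address(text)
    if addr not in STUDENT_NET:
        raise ValueError(f"{addr} is outside {STUDENT_NET}")
    if addr in (STUDENT_NET.network_address, STUDENT_NET.broadcast_address, WEBSERVER):
        raise ValueError(f"{addr} is not a student PC address")
    return addr


def render_acl(candidates):
    """Return (file body, rejected inputs) for the addresses that validate."""
    good, rejected = set(), []
    for item in candidates:
        try:
            good.add(validate_student_ip(item))
        except ValueError:
            rejected.append(item)
    body = "".join(f"{a}\n" for a in sorted(good))
    return body, rejected


def write_acl(path, candidates):
    """Atomically replace the ACL file so Squid never reads a partial list."""
    body, rejected = render_acl(candidates)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    os.chmod(tmp, 0o644)      # readable by the Squid user, written only by the app
    os.replace(tmp, path)     # rename within one directory is atomic on POSIX
    return rejected           # caller logs these, then runs `squid -k reconfigure`
```

Squid reads a file-backed ACL only at startup or on reconfigure, so the application has to trigger `squid -k reconfigure` after each write for a newly approved student to get through.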
