[KLUG Members] Using Linux to control internet access for WinX boxen.

Patrick Stockton members@kalamazoolinux.org
Tue, 6 Nov 2001 13:22:24 -0500


Is the goal of this to restrict who can and cannot access the internet?

If this is the case then you might be able to simply set up your proxy
server and manually configure the individual boxes (providing they aren't
shared boxes) with the proper proxy information.

You can also set up an ACL list (again provided you have a static IP address
assigned to each machine) to only allow access from certain IP addresses.
No username information required.

Squid is highly configurable and customizable almost to the point that when
you first get in it's a little overwhelming.

I'd suggest looking up www.webmin.com for the webmin utility to help in
configuring your Squid server once it's up.  It helped me figure out a lot
of the more obscure details needed in configuring Squid.

Patrick

----- Original Message -----
From: "Adam Williams" <awilliam@whitemice.org>
To: <members@kalamazoolinux.org>
Sent: Tuesday, November 06, 2001 12:58 PM
Subject: Re: [KLUG Members] Using Linux to control internet access for WinX
boxen.


> >> Hmmm... there is a very strong desire for this to be invisible to the
> >> users...
> >> Considering that windows passwords are stored in each user's .pwl file...
> >> perhaps that might be do-able... inasmuch as I hate relying on the
> >> known risk of relying on a .pwl being secure.
> >You can do this several ways.
> >You can use your firewall (which can be Linux) to redirect all port 80,
> >443 and other select port requests to the proxy.  You can also set up an
> >autoconfiguration page for most browsers (O'Reilly detailed this
> >recently) and then add the single registry mod in their login script.
>
> For IE 5.0 and greater you can configure your DHCP server to respond to
> its configuration inquiries (returns a URL to a configuration
> javascript),  then you don't really have to set up anything.
>
> Put
>
> option wpad-url code 252 = text;
> option wpad-url "http://wpad.yourdomain.org/wpad.dat";
>
> at the start of dhcpd.conf outside of any subnet or host declarations.
>
> Both netscape and IE use the same file format only one wants to call it
> wpad.dat and the other proxy.pac.  You can create one or the other  and
> link to it with the other name.  Only you need to tell Netscape to use it
> as far as I can tell,  it doesn't seem to do inquiries.
>
> A proxy file looks like
>
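> function FindProxyForURL(url, host) {
>   // Send plain HTTP through the proxy; fall back to a direct connection
>   // if the proxy does not answer.
>   if (url.substring(0,5) == "http:") {
>     return "PROXY proxy.yourdomain.org:3128; DIRECT";
>   } else {
>     // Everything else (https, ftp, ...) bypasses the proxy.
>     return "DIRECT";
>   }
> }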
>
> it can of course be much more elaborate, but this is the basic.
>
> Of course all this assumes you use DHCP.
>
>
> >As far as authentication, you can compile Squid with CIFS/AD
> >authentication.  And there are countless other ways as well.
>
> Is it in the stock squid these days?
>
> --
> -----------------------------------------------------------
> Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS
> -----------------------------------------------------------
>
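
The quoted remark that the proxy file "can of course be much more elaborate" is illustrated here with an added example, not code from the thread: a PAC file that keeps intranet hosts direct and sends web traffic to Squid without the "; DIRECT" fallback, so a browser does not quietly go around the proxy when it is down. The 192.168.0.0/16 LAN range and the helper shims (which let the file run under Node as well as in a browser) are assumptions; a PAC file only configures cooperating browsers, so the Squid ACL or firewall redirect discussed above remains the actual control.

```javascript
// Added example. Hostnames follow the thread's placeholders (yourdomain.org);
// the 192.168.0.0/16 LAN range is an assumption.

// Shims for the browser-supplied PAC helpers so the file can be exercised
// under Node. Remove them before serving the file as wpad.dat / proxy.pac.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}
// Simplified isInNet: dotted-quad literals only (browsers also resolve names).
function isInNet(host, pattern, mask) {
  var h = host.split("."), p = pattern.split("."), m = mask.split(".");
  if (h.length !== 4) return false;
  for (var i = 0; i < 4; i++) {
    if (!/^\d+$/.test(h[i])) return false;
    if ((Number(h[i]) & Number(m[i])) !== (Number(p[i]) & Number(m[i]))) return false;
  }
  return true;
}

var PROXY = "PROXY proxy.yourdomain.org:3128";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet names and LAN addresses never need the proxy.
  if (isPlainHostName(host) ||
      dnsDomainIs(host, ".yourdomain.org") ||
      isInNet(host, "192.168.0.0", "255.255.0.0") ||
      isInNet(host, "127.0.0.0", "255.0.0.0")) {
    return "DIRECT";
  }
  // Web traffic goes to Squid with no "; DIRECT" fallback: if the proxy is
  // unreachable the request fails instead of leaving unproxied.
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https" || scheme === "ftp") {
    return PROXY;
  }
  // Schemes the proxy does not handle are left alone.
  return "DIRECT";
}
```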