Internet access controled by user/protocol

Stefan Held obi at unixkiste.org
Thu Jun 30 13:03:31 UTC 2005


Am Mittwoch, den 29.06.2005, 10:12 -0300 schrieb Marcelo Magno T. Sales:
> Hi,
> 
> I was studying nufw (www.nufw.org), which seemed to solve my problem
> using an iptables module, but this site has been off-line for several
> weeks now :(

You are misunderstanding what ISA exactly is. ISA is a Proxy/Firewall
and Socks Filter all above Proprietary M$ Stuff.

I had a quick lock at the nufw sources and you really don't want to use
it. Controlling Internet Access can be done on an easy way:

Define two groups. Internet-Allowed and Disabled. Make different Policys
for them. The Allowed gets the correct Proxy Server, the Disabled gets a
wrong one. And disable the Modification of the Explorer Environment
through your Policy.

You can also plug the SMBD to the AD with kerberos and samba. Use the
Squid NTLM Login and make rules to groups. I never got that fully
working. 

Good Luck.

> TIA,
> 
> Marcelo
> 


-- 
 Stefan Held                    VI has only 2 Modes:
 obi at unixkiste.org              The first one is for beeping all the time, 
 IRCNet: Obi_Wan                the second destroys the text.   
---------------------------------------------------------------------------
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---------------------------------------------------------------------------
    GPG-Keyprint = EAF2 6A65 D102 F2DB 4970  2A67 455B 98F2 572C 3FA9


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050630/d29bd7b7/attachment-0001.sig>


More information about the fedora-list mailing list