Question on Access Plans on Firewall (Kind of like an ISP)
karun at karun.lorikeet.id.au
Mon Jan 21 16:12:03 EST 2002
On Monday 21 January 2002 03:49 pm, Sam Couter wrote:
> Peter Foley <pjfoley at austarmetro.com.au> wrote:
> > My Parents are deciding to get Transact as well, and my mother has asked
> > me to put together something that will be able to restrict my brother to
> > only using the Net during certain times of the day and also give him a MB
> > Limit.
> ... and a little box on the power cable of the TV so he can only watch
> it at certain times? A time delay lock on the cookie jar?
> [ remaining rant withheld ]
> > I am still siffting through all the docs that I found on IPTables, would
> > the answers be in there? So far I have not come across anything to
> > suggest that IPTables can do this.
> There is a feature in Linux called Traffic Shaping. Searching Google for
> "traffic shaping linux" turns up heaps of stuff that looks pretty good
> at a glance.
> I don't know if you will be able to do your shaping based on users, but
> you will be able to do it based on IP address. If your brother uses the
> same computer as everyone else then either they'll have to live with the
> same restrictions or you'll have to provide a way for them to be lifted.
> A password protected CGI or something would probably do, depending on
> how smart/determined your brother is.
> Likewise, I don't know about time-based restrictions, but it's not hard
> to write a script to modify the restrictions and run it at certain times
> using cron. You could use a script as simple as
> "echo 1 > /proc/sys/net/ipv4/ip_forward" to enable IP forwarding at the
> appropriate time, and a similar script to disable it.
You could always set up the firewall as a pppoe server and people have to
connect to the network using a pppoe client. you could then assign users
their own ip depending what username/password they use to logon.
More information about the linux