What you want do is feasible. Authentication for outgoing traffic if http can be done thro' squid. If you want masq or nat, look at Horatio. It uses authentication for allowing nat/masq in a typical dhcp LAN where each machines IP is dynamic and hence static IP filtering cannot be applied. It runs on ipchains and not iptables. However, it may not be able to limit access to once a day. Most authentication mechanisms are either time based or URL based but I've not come across no of tries/access instances per day.
HTH -:) Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:leaf-user-admin@;lists.sourceforge.net] On Behalf Of Sanyarin Sent: Tuesday, October 29, 2002 7:25 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Newbie question: would this setup be possible? Hi, I'm a complete newbie concerning PC-based Linux-Routers, so please tell me in case my questions are trivial. My questions: - would it be possible to use the same machine that is running the router as a 'public' (for my intranet) place to leave e.g. patches, driver updates or other useful files on? - is it possible to require an authentication for outgoing traffic at a rate of, let's say, once per day? Feel free to reply with a definitive 'no'/'yes, rtfm!' at this point, although I would appreciate any hint on where to find the 'fine manual' on that. Those asking 'why the hell do you want to?' may read on. My scenario is this: I'm living in a students dormitory, and we recently got equipped with a 100Mbps LAN. Shortly, we'll also get a 2Mbps internet link, requiring a router. I want to have a firewall in place, would like to have the aforementioned public directorys available and additionally, need a way to reliably identify the users, because the management of the dormitory wants to be able to track down possible misuse. Our ISP could only track IP and (possibly) MAC adresses, but I think that both are not reliable enough in case official investigations should occur (or are they?). After all, I would like to save all the other users from having their computers searched or seized, just because some stupid amateur believes he will not get caught. Please tell me if this could work (and perhaps give me a brief hint?), or suggest a better solution under the given circumstances. Thanks in advance to you all, Bj�rn Snippe Hannover, Germany ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
