On Thu, Mar 28, 2002 at 04:18:35PM -0500, Doug Monroe wrote: > [EMAIL PROTECTED] wrote: > > > > thats no problem redirect port 80 and 20 > > to a machine running squid as a proxy > > in the squid.conf you can do the setup > > for differnt kind of users (password usw) and so on , everything is logged > > in squid if you want > > happy easter > > usally big companies use this for control their users > > consult the iptables manual configure it for using a proxy > > and than the man of squid > > but a proxy like squid only helps for users who want web access. It will not > help in cases where someone uses ICQ, or command-line FTP, or telnet, or SSH > or any other un-proxied proto. Then again...since all those commercial > products I mentioned rely on your starting an HTTP connection which gets > trapped and redirected to the HTTP-based login/payment/auth mechanism, I > suppose you could have squid proxy trap and redirect to a CGI that > autenticates/bills and adds fw rules based on IP and those rules could then > allow whatever proto/port traffic you decide is acceptable.
That pop-up screen for usr/pass authentication that appears right after an outgoing packet is detected, requires additional software on the client machines. Ramin > > Also...I should add that a nice feature of some commercial offerings allows > the users networking params (gateway, DNS, etc) to remain unchanged. Again, I > believe this is done thru proxy arp.
