Re: Deny access from localhost to internet.....
2007/9/29 RW [EMAIL PROTECTED]: On Sun, 30 Sep 2007 02:22:42 +0200 Sten Daniel Soersdal [EMAIL PROTECTED] wrote: Agus wrote: Hi guys, How are you today? The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Thanks and salutes for all You want to restrict internet, but not LAN, access for certain users logged into your BSD box? man ipfw ( look for uid and gid ) man pf( look for user and group ) Danger Will Robinson! Don't do that unless you've read the bugs sections of the ipfw and pf.conf man pages. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] OK...cool...i am using pf as firewall...arent any issues in using both? i mean pf and ipfw? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Deny access from localhost to internet.....
On Sun, 30 Sep 2007 02:22:42 +0200 Sten Daniel Soersdal [EMAIL PROTECTED] wrote: Agus wrote: Hi guys, How are you today? The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Thanks and salutes for all You want to restrict internet, but not LAN, access for certain users logged into your BSD box? man ipfw ( look for uid and gid ) man pf( look for user and group ) Danger Will Robinson! Don't do that unless you've read the bugs sections of the ipfw and pf.conf man pages. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Deny access from localhost to internet.....
Agus wrote: Hi guys, How are you today? The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Thanks and salutes for all You want to restrict internet, but not LAN, access for certain users logged into your BSD box? man ipfw( look for uid and gid ) man pf ( look for user and group ) -- Sten Daniel Soersdal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Deny access from localhost to internet.....
Hi guys, How are you today? The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Thanks and salutes for all Agusitn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Deny access from localhost to internet.....
On Sep 28, 2007, at 10:51 AM, Agus wrote: The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Sure. Install a proxy mechanism like SOCKS or Squid (if you just want to control web traffic) which requires users to authenticate before they are allowed to connect to the net... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]