Answer the question
In order to leave comments, you need to log in
How to properly restrict access to the Internet?
Hello. I am a novice system administrator (in fact, an advanced enikey). The task is to build a small network (only 10 computers). From this network, only three computers should be able to access the Internet. The rest of the Internet is contraindicated, and they should only access the local network. A Linux server with NAT and Squid will be used as a gateway. It's not a problem to configure all this, but two questions arise:
1) How best to make a restriction on the use of the Internet (I remind you that only three computers should have Internet access). The only thing that comes to mind is MAC restriction with iptables.
2) One of the computers is a laptop. Since it is only one, it makes no sense to make WiFi, and the laptop is connected via cable. A user who works on a laptop can distribute his Internet via a WiFi module. That is, his laptop will act as an access point that will allow anyone to access the Internet. Is there any way to deal with this?
Answer the question
In order to leave comments, you need to log in
1. ACLs in Squide are good for this
2. Nothing. You can enter a laptop into a domain and deny it WiFi
1. Maxim replied.
2. If the laptop is not remote - create an admin account and take away the rights from the user. Well, or forget about the lack of Internet for the rest :)
If the task of restricting access is so radical, then it is better to go the "legal" rather than the technical route. You give access to 3 SPs (poppies) and in a month or two a report on visited nodes to the authorities.
Otherwise, the restriction on the launch of Wi-Fi, the ban on connecting flash drives, BIOS passwords and other joys that are not elementary, but manageable.
For restriction, you can use both Squid and iptables, you can raise a VPN server. But all this can be bypassed by running a proxy on allowed computers. So, as nfire said, no one canceled the "legal" moment.
For a laptop, you can pull out the Wi-Fi card.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question