Computer networks
K1D3, 2015-10-19 15:35:50

How to properly restrict access to the Internet?

Hello. I am a novice system administrator (in fact, an advanced helpdesk technician). The task is to build a small network (only 10 computers). From this network, only three computers should be able to access the Internet. For the rest, Internet access is off-limits, and they should only access the local network. A Linux server with NAT and Squid will be used as a gateway. It's not a problem to configure all this, but two questions arise:
1) What is the best way to restrict Internet use? (I remind you that only three computers should have Internet access.) The only thing that comes to mind is MAC restriction with iptables.
2) One of the computers is a laptop. Since there is only one, it makes no sense to set up WiFi, and the laptop is connected via cable. A user who works on the laptop can share his Internet connection via the WiFi module. That is, his laptop will act as an access point that will allow anyone to access the Internet. Is there any way to deal with this?

5 answer(s)
alexandr, 2015-10-19
@alexxandr

1. ACLs in Squid are good for this.
2. Nothing. You can join the laptop to a domain and deny it WiFi.

chupasaurus, 2015-10-19
@chupasaurus

1. Maxim replied.
2. If the laptop is not remote - create an admin account and take away the rights from the user. Well, or forget about the lack of Internet for the rest :)

nfire, 2015-10-19
@nfire

If the task of restricting access is so radical, then it is better to go the "legal" rather than the technical route. You give access to 3 SPs (MACs) and in a month or two a report on visited nodes to the authorities.
Otherwise, the restriction on the launch of Wi-Fi, the ban on connecting flash drives, BIOS passwords and other joys that are not elementary, but manageable.

Vladislav_vb, 2015-10-20
@Vladislav_vb

For restriction, you can use both Squid and iptables, you can raise a VPN server. But all this can be bypassed by running a proxy on allowed computers. So, as nfire said, no one canceled the "legal" moment.
For a laptop, you can pull out the Wi-Fi card.
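
One way to express the MAC-based iptables restriction from the question, alongside the Squid and iptables options named in the answers, as an added example that is not part of any poster's reply. The interface names, the Squid port and the three MAC addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print an iptables MAC allowlist for the gateway.
# Assumptions (not from the thread): LAN interface eth1, WAN interface eth0,
# Squid on TCP 3128, and the constructed MAC addresses below.
LAN_IF=eth1
WAN_IF=eth0
SQUID_PORT=3128
ALLOWED_MACS="00:11:22:33:44:01 00:11:22:33:44:02 00:11:22:33:44:03"

# Return 0 only for a well-formed colon-separated MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rules instead of applying them, so they can be reviewed first.
# Intended for a gateway whose FORWARD and INPUT chains start out empty.
gen_rules() {
    for mac in $ALLOWED_MACS; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # Default: the gateway routes nothing between LAN and Internet.
    echo "iptables -P FORWARD DROP"
    # Replies to connections opened by the allowed hosts.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for mac in $ALLOWED_MACS; do
        # Routed (NAT) traffic from an allowed host out to the Internet.
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac -j ACCEPT"
        # The same host may reach the proxy running on the gateway itself.
        echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -m mac --mac-source $mac -j ACCEPT"
    done
    # Every other LAN host is refused at the proxy port.
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j REJECT"
}

gen_rules
```

The LAN itself is untouched because traffic between the ten computers never crosses the gateway's FORWARD chain. As the answers point out, this filter alone does not stop a proxy running on one of the allowed machines.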

Archangel, 2015-10-20
@Archangel

You can protect yourself from distributing the Internet over Wi-Fi simply by kicking packets with a TTL greater than 1 on the local interface on the router. But I agree with Vladislav_vb, this will not save you from a proxy.
