Hi I think you can accomplish this by using squid acl's. You would need to setup squid (either as a transparent or non-transparent (opaque?) ) proxy. Configure a squid acl to use a file. Have the web application (where students check out assignments) write the acl file that squid requires. That's it. Ray On Wed, 2003-04-02 at 02:31, Danny Patel wrote: > Hi, > Thanks for the awesome packet filtering tool. It has really come in > handy for our school setup. I have on issue that I am hoping you can > help me with. After thoroughly researching this issue I can't seem to > find any solution to the following situation in my school setup: > > The server is Gateway/Firewall > IPTables ver: 1.2.6 > Kernel: 2.4.18 (Red Hat) > Cable Modem (with DHCP for external address) > Internal network: 192.168.1.0/24 > Internal interface: eth0 > External interface: eth1 > Internally we use DHCP service to allocate ips to the student PCs. > (192.168.1.0/24) > > Goal of what I am trying to do: When the firewall first starts we > would like to redirect all HTTP traffic headed to the internet from > the student PCs to our internal webserver (192.168.1.1) where the > students are first required to pick an assignment. Once a student > picks an assignment then we would like to allow only that student's ip > to access the internet, hence allow his HTTP traffic out to the > internet. This way we can restrict the students from wasting time and > allow us to keep records of each student accepting assignments before > having access to the internet to do the research for the assignment. > > The key here is to only allow those student PCs that have selected an > assignment access to the internet and redirect all other students to > our local webserver till they pick an assignment. > > From my current understanding of IPTables it appears that you can only > do redirection/dnat in the -t nat PREROUTING chain but then this ends > up applying to all IPs instead of select few. > > Any help is greatly appreciated. > > Thanks in advance
Attachment:
signature.asc
Description: This is a digitally signed message part
