From owner-freebsd-questions Thu Apr 5 10:25:27 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtppop1pub.verizon.net (smtppop1pub.gte.net [206.46.170.20]) by hub.freebsd.org (Postfix) with ESMTP id 35D0337B424 for ; Thu, 5 Apr 2001 10:25:21 -0700 (PDT) (envelope-from res03db2@gte.net) Received: from gte.net (evrtwa1-ar4-4-34-145-186.dsl.gtei.net [4.34.145.186]) by smtppop1pub.verizon.net with ESMTP ; id MAA84522973 Thu, 5 Apr 2001 12:18:16 -0500 (CDT) Received: (from res03db2@localhost) by gte.net (8.9.3/8.9.3) id KAA16914; Thu, 5 Apr 2001 10:26:31 -0700 (PDT) (envelope-from res03db2@gte.net) Date: Thu, 5 Apr 2001 10:26:31 -0700 From: Robert Clark To: Kurtis Smith Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Traffic shaping natd dhcp and ipfw Message-ID: <20010405102631.A16896@darkstar.gte.net> References: <5.0.2.1.0.20010405090117.00a6dd90@64.161.89.218> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <5.0.2.1.0.20010405090117.00a6dd90@64.161.89.218>; from ksscendyn@yahoo.com on Thu, Apr 05, 2001 at 09:07:51AM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I ran into a similar situation once. The easiest way to handle web access, was to setup a proxy, and force people to use that. Once that is done, the control options are numerous. [RC] On Thu, Apr 05, 2001 at 09:07:51AM -0700, Kurtis Smith wrote: > Ok everyone's bosses gets into it when everyone and there grandma > has access to the Internet. Well at my work they are wanting to block > entire access including www, FTP, email for certain machines. So here > I am asking instead of how to get them access, but now to block access. > > Background. I have a Dual homed host machine with an open > Firewall providing. > > DNS, WWW, FTP, EMAIL, SENDMAIL services with a few others. > > Anyhow I have isc-dhcpd 2.0 running with NATD on xl1. > I have xl0 and xl1 > > I have never done any Firewall programming yet. heheheh too lazy > and scared. > > So what I am wondering is do I set DHCPD to not have a > default lease expire time? > > Or do I put something in NATD to block access? > > Or do I add something to the open Firewall? > Dam it I wish I had my account working in X or something heheheh. > > Anyhow I think you all know what I would like to do . I got the ip from the > > /var/log/dhcpd.leases file however they will expire in about 2 weeks. > So got to fix the hand out time first I would think. > Can someone help me out and give me links. > > I searched and found some info before asking but its difficult being new to > unix .. > 9 months now. > > thanks, > > -Kurt > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message