[EMAIL PROTECTED] wrote: > > thats no problem redirect port 80 and 20 > to a machine running squid as a proxy > in the squid.conf you can do the setup > for differnt kind of users (password usw) and so on , everything is logged > in squid if you want > happy easter > usally big companies use this for control their users > consult the iptables manual configure it for using a proxy > and than the man of squid
but a proxy like squid only helps for users who want web access. It will not help in cases where someone uses ICQ, or command-line FTP, or telnet, or SSH or any other un-proxied proto. Then again...since all those commercial products I mentioned rely on your starting an HTTP connection which gets trapped and redirected to the HTTP-based login/payment/auth mechanism, I suppose you could have squid proxy trap and redirect to a CGI that autenticates/bills and adds fw rules based on IP and those rules could then allow whatever proto/port traffic you decide is acceptable. Also...I should add that a nice feature of some commercial offerings allows the users networking params (gateway, DNS, etc) to remain unchanged. Again, I believe this is done thru proxy arp.
