Restrict network access by time or IP address with Squid

Jack Wallen
Jun 19, 2010
Updated • Dec 27, 2012
Linux
|
15

There are a number of reasons why you would want to restrict network access. You run a cafe with web access or you have young or teenage children and you want them to only be able to use the network at certain times. Their are certainly tools out there to do this on a PC-by-PC basis, but why not employ a proxy server instead? One of the best (and most robust) proxy servers available for the Linux operating system is the Squid Proxy server. But don't let the name fool you, you do not have to install Squid on a server. You can just as easily install squid on a Linux desktop machine and control network access from your LAN.

Of course when you open up your /etc/squid/squid.conf file you might be a bit overwhelmed. So in this article I am going to show you two ways to limit access with Squid (instead of tossing the whole configuration file at you at once). I will also show you the quick and dirty method of installing Squid on a Fedora 13 machine. Once done with this article, you will at least be able to control network access by time or by IP address. In later articles we will discuss other ways to control network access with Squid.

Installation

Installation is quite simple. You can do this two ways: Command line or using the Add/Remove Software tool. Let's take a look at the latter first.

In order to install Squid from the Add/Remove Software tool follow these steps:

  1. Click System > Administration > Add/Remove Software
  2. Search for "squid" (no quotes).
  3. Select the Squid application for installation.
  4. Click Apply to install.

That's it. Now let's take a look at the command line version of the same task. To do this, follow these steps:

  1. Open up a terminal window by clicking Applications > System Tools > Terminal.
  2. Issue the command su and then enter your root password.
  3. Issue the command yum install squid.
  4. If your system requires dependencies, allow them as well as the installation to continue.
  5. When finished exit out of the root prompt by issuing the command exit.

That's it. Squid is now installed. Now, on to the configuration.

Configuration

The configuration file you need to edit is /etc/squid/squid.conf. Open that file up with your favorite text editor and get ready to configure. The first set up I am going to show you is how to restrict access by time. To do this you are going to create Access Control Lists (ACLs).

Let's assume you are restricting access on an internal LAN with an IP scheme of 192.168.1.0 with a subnet mask of 255.255.255.0. And let's say you are restricting access for your teenage children such that they can only access the network from the hours of 3:00pm until 7:00pm (just a random time I used for example). For this you will need to add two ACLs to your configuration file. Add this first section to the bottom of the ACL section of the file (You will see a long list of lines that start out acl). For restricting to the times I prescribed above the ACLs would look like:

acl home_network src 192.168.1.0/24
acl kids_hours time M T W H F 15:00-19:00

The first line defines the source of the connection and the second line defines the allowed time period.

To finish off this configuration you will need to add another line, this time you will add this section at the bottom of the http_access section (Under the Insert your own rules... here section). This line looks like:

http_access allow home_network kids_hours

NOTE: You could also create an acl for weekend hours to allow more access during those days.

Now, let's say one of those teens has had trouble with grades and you want to completely restrict access to only that one machine (say the IP address for that child is 192.168.1.10), while continuing to control access to the other machines. To do this you could add a third ACL like so:

acl RestrictedHost src 192.168.1.10

Back to the http_access section you would then add this line:

http_access deny RestrictedHost

Save and close that file. Now restart Squid with the command (run as the root user):

/etc/rc.d/init.d/squid restart

The last thing you need to do is to configure the PCs of those who need to go through the Proxy server. Remember, Squid uses port 3128.

Final thoughts

Squid is a very powerful tool that can be used to to limit access in numerous ways. What I have shown you is only scratching the surface of Squid's power, but it give you a good idea where to start and how far it can go.

Advertisement

Related content

ubuntu 23.10 desktop

Canonical: up to 12 years of support for Ubuntu 24.04 LTS
Linux Mint 21.3

Linux Mint 21.3 is now available with experimental Wayland support
Mouse

Lan Mouse: open source cross-platform mouse and keyboard sharing software
ubuntu 23.10 desktop

Ubuntu 23.10 released with new Ubuntu App Center and security improvements
Looney Tunables CVE-2023-4911

Linux users, take action against the "Looney Tunables" now

Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

Previous Post: «
Next Post: «

Comments

  1. Saveen said on January 29, 2014 at 5:14 am
    Reply

    Hi, Thank you for this infor. but Starting of the restriction time is finely working but after ending the restriction time it wont block the restricted web sites. But once I restart the squid it works fine

    Please help me

  2. jasray said on June 20, 2010 at 2:12 am
    Reply

    DD-WRT? Or even OpenDNS, yes?

  3. ghostwind said on June 19, 2010 at 11:17 pm
    Reply

    What distro are you using?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved