
help with a linux routing project

hello.
I currently have a linux box doing routing for a school classroom - eth0 connected to the school internet connection, getting an ip address from the school's dhcp server - eth1 connected to a few hubs to share the internet access to about 30 other computers running win95, also eth1 serves dhcp to the computers.

right now we have it set up so that the teacher can shut off the internet on eth1 by using this command - ifconfig eth0 down - while still allowing the students to share their files and print with the classroom network - then we use - ifconfig eth0 up and /etc/rc.d/init.d/network restart - to turn on the internet for the classroom.

what we want to be able to do is turn off the internet to each computer separately - like if most of the students are working on an assignment and a few get done, we want those few who get done early to have access to the internet, but all the other students who are not done don't get internet access.

I was wondering if someone could give me some help and kinda point me in the right direction
 
What I would suggest you to do would be to use iptables (as long as you are using kernel 2.4.X, otherwise you can use ipchains), and unique rulesets for each of your win95 machines.

I would create a ruleset for each machine by machine name:

example:

Let's assume I have 5 win95 machines with the names Isuck1, Isuck2, Isuck3, Isuck4 and Isuck5.
Then, since I want to control the connectivity in each machine, I would create chain rules scripts for each machine:

Let's call the script for Isuck1, isuck1.sh:
In it, I would script something like:

-------------------------------------------->8-------------------------------------
#!/bin/sh

#you would source a variable file here

#script functions
start_chain()
{
#start connection ruleset
iptables -A ISUCK1 . . . blah, blah. . .
.
.
.
}

stop_chain()
{
#stop connection to this machine
iptables -A ISUCK1. . blah, blah, blah. . .
.
.
.
}

############
# MAIN

#First, create the chain (harmless error if it already exists)
iptables -N ISUCK1 2>/dev/null
#then flush it so it starts out empty
iptables -F ISUCK1

#look at end-user choice
case $1 in
'start')
start_chain
;;
'stop')
stop_chain
;;
*)
echo "usage $0 start|stop"
esac

------------------------------------------------>8--------------------------------------

So that I can turn the connection on, and off for this particular machine like so:
isuck1.sh start (to allow connection)
isuck1.sh stop (to stop connection)

Then I would do the same for the other 4 machines (of course by changing the ruleset from ISUCK1 to the respective ISUCK<machine_number>).

Mind you, this is just a brainstorm, and not a detailed description, or the approach.

One thing I think you should consider as well, is having one main script which sets up your global rulesets and within it loads up the individual rulesets for all the machines.

Something like:

-------------------------------------------->8--------------------------------------------
#!/bin/sh

#you would source a variable file here

#flags that need to be turned on
.
.
.
#clear all global rulesets
iptables -F . . . Blah, Blah, blah. . .
.
.
.
#clear all individual machine rulesets
isuck1.sh stop
isuck2.sh stop
.
.
.
isuckN.sh stop
.
.
.
#start new global rulesets
iptables -N . . .. blah, blah, blah
.
.
.
#start individual machine rulesets
isuck1.sh start
isuck2.sh start
.
.
.
isuckN.sh start
.
.
.
#other global rulesets. . .
.
.
.
#done
------------------------------------------->8--------------------------------

Check out this link for a brief tutorial on iptables. If it does not help you, you can always use Google to search for more help.

And, before I forget, since you may decide to do this, you may have to have another file to source variables you most likely use for ALL scripts . . . If you need help with that, you can ask the forums, and someone will help you.

Just don't forget to make your kernel support iptables. . .

GL

/edit: fixed iptable pseudo code
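
The per-machine chain idea from the reply above, filled in as an added example (not part of the original post): one script for all machines that puts a single ACCEPT or REJECT verdict in each machine's chain and hooks that chain into FORWARD for traffic going from the classroom LAN to the uplink. The interface roles, machine names and addresses are assumptions, and it prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth1 = classroom LAN,
# eth0 = school uplink, every PC keeps a fixed DHCP lease.
# Machine names and addresses below are constructed sample values.
LAN_IF=eth1
WAN_IF=eth0
HOSTS="pc01=192.168.1.11 pc02=192.168.1.12 pc03=192.168.1.13"

# Print the address of a known machine; fail for any other name, so
# only names from the table above ever reach an iptables command line.
host_ip() {
    for entry in $HOSTS; do
        [ "${entry%%=*}" = "$1" ] && { echo "${entry#*=}"; return 0; }
    done
    return 1
}

# Print the iptables commands that switch one machine's Internet on or off.
# Usage: host_rules on|off <name>
host_rules() {
    case $1 in
        on)  verdict=ACCEPT ;;
        off) verdict=REJECT ;;
        *)   echo "usage: on|off <name>" >&2; return 2 ;;
    esac
    ip=$(host_ip "$2") || { echo "unknown machine: $2" >&2; return 1; }
    chain=$(echo "$2" | tr 'a-z' 'A-Z')           # pc01 -> PC01
    match="-i $LAN_IF -o $WAN_IF -s $ip -j $chain"
    echo "iptables -N $chain 2>/dev/null"         # create chain if missing
    echo "iptables -F $chain"                     # empty it
    echo "iptables -A $chain -j $verdict"         # single verdict rule
    echo "iptables -D FORWARD $match 2>/dev/null" # remove an old hook, if any
    echo "iptables -I FORWARD $match"             # hook chain at top of FORWARD
}

# Dry run by default: print the commands. APPLY=1 (as root) runs them.
if [ $# -eq 2 ]; then
    rules=$(host_rules "$1" "$2") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then echo "$rules" | sh
    else echo "$rules"; fi
fi
```

Only packets forwarded from eth1 to eth0 are matched, so file sharing and printing between the classroom PCs are unaffected. The match is on source address, so it holds only while each PC keeps its assigned lease.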
 