OpenWrt Forum Archive

Topic: Internet Access Restriction

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi @ all,

I'm pretty new to this OpenWrt thing. Everything is working so far, but I don't know how to set up an Internet access restriction. I want to allow a specific computer Internet access only for a defined time. How can I realize this? Is it done by cron + iptables? I hope somebody can help me with this. Thanks a lot.

der_Kief

(Last edited by der_Kief on 19 Nov 2006, 21:50)

Hi -

I personally do it semi, my children are limited by time to access the internet.
Basically I have 2 different DHCP setups - I give my children different IPs according to time.
At night they get an IP which is blocked in iptables so they can only get and send email.
The switch is done by cron. I would prefer to use the time module of iptables, but that requires that the kernel is compiled with that option, which RC6 is not. Some say it will come, but until then there is the half-good way.

Hope you can use the information :)

Hi,

Thanks for the useful information. I think I'll give it a try (because children don't hear what adults say :) ).
Hopefully the time module of iptables is integrated soon. Or is there maybe another possibility to realize
access restrictions driven by time?

der_Kief

ok,

here is my version

I use a USB disk mounted on /opt/

I did:
15 minute lease time.
The 15 min lease time makes sure that the IP will change inside a 15 minute window.

nvram set lan_dhcp_lease=900
nvram commit

mkdir /opt/etc
mv /etc/ethers /opt/etc

cp /opt/etc/ethers /opt/etc/ethers.open
cp /opt/etc/ethers /opt/etc/ethers.closed

ethers has the list of MAC address to IP.
Edit ethers.closed so the closed IPs are in the closed range.
Edit ethers.open so the open IPs are in the closed range.

Edit crontab:
Open every day at 8, and close at 21:45 on days before weekdays and at 00:30 on weekends.
crontab -e

0 8 * * * cp /opt/etc/ethers.open /opt/etc/ethers >/dev/null 2>&1
45 21 * * sun,mon,tue,wed,thu cp /opt/etc/ethers.closed /opt/etc/ethers >/dev/null 2>&1
30 0 * * fri,sat cp /opt/etc/ethers.closed /opt/etc/ethers >/dev/null 2>&1

Go to:
http://www.macsat.com/macsat
and set up crond as described in the cron tutorial.


Next to do is to block the selected range of IPs in the FW. I use FW-builder to make the FW script in a GUI.
Here I block everything to/from INET except email (pop3/smtp and dns).

That should be it... ;) I hope I remembered every small step

Hi,

I too support the inclusion of the time patch into iptables! This would be the cleanest way to control access based on calendar/time, and would allow adding an access control page to Webif^2...

hmm

I have to say - you must restart dnsmasq every time you change the ethers file.
I changed the crontab to


crontab -e

0 8 * * * /opt/usr/bin/dhcpopen.sh >/dev/null  2>&1
45 21 * * sun,mon,tue,wed,thu /opt/usr/bin/dhcpclose.sh >/dev/null  2>&1
30 1 * * sat,sun /opt/usr/bin/dhcpclose.sh >/dev/null  2>&1
58 22 * * * /opt/usr/bin/dhcpclose.sh >/dev/null  2>&1

and made 2 script files. I show the dhcpclose.sh; you can guess the dhcpopen.sh :)

#!/bin/ash
# switch the static leases to the "closed" IP range
cp /opt/etc/ethers.closed /etc/ethers
# restart dnsmasq so it re-reads the ethers file
killall -q dnsmasq
/etc/init.d/S50dnsmasq

(Sometimes dnsmasq did not stop; that's the reason for the killall -q dnsmasq. I know it's already in the dnsmasq script.)


PS. remember I use a disk on usb mounted on /opt/

/Evats

(Last edited by Evats on 4 Dec 2006, 22:41)
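
Added example, not part of any post in this thread: the two manual steps Evats describes (filling ethers.closed with addresses from the closed range, and blocking that range except POP3/SMTP/DNS) written as a POSIX sh script. The address range, WAN interface name, chain name and sample MAC/IP pairs are assumptions, and it assumes the router's existing FORWARD rules already accept LAN-to-WAN traffic and established replies.

```sh
#!/bin/sh
# Added example, not code from the thread. CLOSED_NET, WAN_IF, the chain name
# and the sample MAC/IP pairs are assumptions made for illustration.
CLOSED_NET="192.168.1.192/26"   # assumed "closed" range (.192-.255)
WAN_IF="vlan1"                  # assumed WAN interface name
CHAIN="kids_closed"             # hypothetical user chain

# Constructed sample of an ethers.open file: "MAC IP" per line.
sample_ethers() {
    cat <<'EOF'
# kids' machines
00:11:22:33:44:55 192.168.1.20
00:11:22:33:44:66 192.168.1.21
EOF
}

# Read ethers.open on stdin, write ethers.closed on stdout: same MACs, last
# octet replaced by $1, $1+1, ... so each host moves into the closed range.
make_closed_ethers() {
    awk -v base="$1" 'NF == 2 && $1 !~ /^#/ {
        if (base + n > 254) { print "closed range exhausted" > "/dev/stderr"; exit 1 }
        split($2, o, ".")
        printf "%s %s.%s.%s.%d\n", $1, o[1], o[2], o[3], base + n++
    }'
}

# Print the iptables commands for the closed range. Allowed services RETURN to
# the normal forwarding rules; every other new connection to the WAN is dropped.
closed_rules() {
    echo "iptables -N $CHAIN"
    for spec in "udp 53" "tcp 53" "tcp 25" "tcp 110"; do
        set -- $spec    # $1 = protocol, $2 = destination port
        echo "iptables -A $CHAIN -p $1 --dport $2 -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"
    echo "iptables -I FORWARD -s $CLOSED_NET -o $WAN_IF -j $CHAIN"
}

# Dry run by default; APPLY=1 on the router pipes the commands to sh.
if [ "${APPLY:-0}" = 1 ]; then
    closed_rules | sh
else
    sample_ethers | make_closed_ethers 200
    closed_rules
fi
```

Because the jump into the chain is inserted at the top of FORWARD, it is evaluated before any existing rule that accepts LAN-to-WAN traffic.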

Evats wrote:

I would prefer to use the time module of iptables, but that requires that the kernel is compiled with that option,

Any idea when this will be supported?

der_Kief

der_Kief wrote:

Any idea when this will be supported?

Well, libipt_time is already included in Kamikaze. I've tried to backport it to WhiteRussian but I had no luck.

Hi,

Any news on this? How is libipt_time configured in Kamikaze? Is there a Howto or a description?
I think that's interesting for a lot of people (especially for those "non Linux" experts).
Thanks.

der_Kief

(Last edited by der_Kief on 7 Apr 2007, 14:27)

Hi @ All,

After a long absence I wanted to know if there is any news about this. Is this supported in the new Kamikaze releases?

der_Kief

Ahhh, this is exactly what I need. Could you tell me more about this?

Walgo (from France)

Thx!

(Last edited by walgo on 7 Feb 2009, 09:45)

I was looking for a way to prevent my kids from getting on the internet all day. I'm aware that current routers offer some sort of scheduling access, but it's hard to set up, and not flexible enough to offer granular time blocks for each day for each computer. The UI you saw is a mockup, which demonstrates the capability. It was also used as a proof of concept. I have a working version now running on my own custom router at home.

I'm in the process of integrating it into the home-based routers. My first router is the Trendnet tew-652brp. Unfortunately, OpenWrt does not support it yet, so I'm trying to get around that by making it an add-on to the stock firmware. My goal is to offer it as an add-on feature to any router, whether it's OpenWrt or stock firmware, probably whichever is easier for me to do.

What I came up with was for my requirement.  If anyone has any other feature they think should be included, please feel free to chime in.  This could be an entirely new project.

The discussion might have continued from here.