Recommendations for setting up a proxy.
:-) This post is on an advanced subject; I take for granted all the knowledge needed to understand what I am going to explain.
This is a summary of how I have set up the proxy on my home node for internet access control.
My wireless proxy: Squid
. Compile options:
- --enable-arp-acl
lets you define ACLs by MAC address (only for clients on the same network segment, since Squid reads the MAC from its ARP table).
- --enable-delay-pools
needed for bandwidth control.
Real example of ACLs. The acl definitions can go in any order; it is the http_access lines whose order matters.
acl wifi src 10.34.12.48/28 - source: the wifi network
acl wifi2 src 10.34.13.48/28 - source: the second wifi interface
acl lan src 192.168.0.0/16 - source: the full home LAN range
acl landstar dst 192.168.0.0/16 - destination: the full local network range
acl RedLibre dst 10.0.0.0/8 - destination: the full RedLibre range
acl internet dst 0.0.0.0/0.0.0.0 - generic destination for "the whole internet"
acl allowed dstdomain "/usr/local/squid/etc/permitidos.conf" - allowed domains
acl blocked dstdomain "/usr/local/squid/etc/bloqueados.conf" - blocked domains
acl spies dstdomain "/usr/local/squid/etc/espias.conf" - known spyware domains
acl vip arp "/usr/local/squid/etc/vip.conf" - trusted MAC addresses
acl usual arp "/usr/local/squid/etc/habituales.conf" - MAC addresses of regular users
acl messenger req_mime_type -i ^application/x-msn-messenger$ - specifically for MSN Messenger access
Keep in mind what these ACLs actually identify: an arp ACL identifies a machine, not a person, and a MAC address is trivial to spoof; req_mime_type matches the Content-Type header that the client itself sends, so it is a convenience, not an authentication.
Real example of access control using the previous ACLs. Squid interprets http_access in strict order and stops at the first line whose ACLs all match, so placement is very important: the most permissive rules go at the end.
http_access deny landstar - nobody can connect to the local network
http_access deny spies - nobody can connect to the spyware domains
http_access allow wifi allowed - the wifi IPs can access the allowed domains
http_access allow wifi RedLibre - the wifi IPs can access RedLibre
http_access allow wifi2 allowed - the same for the second wifi interface
http_access allow wifi2 RedLibre - the same for the second wifi interface
http_access deny messenger blocked - the messenger program cannot access the blocked domains
http_access allow messenger internet - the messenger program can connect to the internet
http_access deny usual blocked - regular users cannot access the blocked domains
http_access allow usual internet - regular users can access the internet
http_access allow vip internet - trusted users have full access
http_access allow lan internet - the local network has full access to the internet
http_access deny internet - whatever was not explicitly allowed above is blocked. Also, if for some reason there is an error and a request does not match any previous rule, it cannot go anywhere; this rule closes any hole that may have been left open unintentionally.
Two details worth checking in this list. First, "allow messenger internet" does not look at the source at all: any client that sends Content-Type: application/x-msn-messenger passes that line, whatever its IP or MAC; if that is not the intention, add wifi, wifi2 or usual to the same line. Second, the usual idiom for the final catch-all is acl all src 0.0.0.0/0.0.0.0 plus http_access deny all, because a src ACL matches without needing a DNS lookup; remember too that when no line matches, Squid applies the opposite of the last line's action, which is another reason to end with an explicit deny.
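To see how this ordering plays out, here is an added example (not part of the original post and not Squid code): a small evaluator that applies the same first-match, all-ACLs-on-the-line semantics to a handful of constructed requests. The file-backed ACLs are replaced by inline sample entries, and the domains, MAC addresses and destination addresses are made up for the example. Squid resolves the URL host itself before testing a dst ACL, so here each request simply carries the resolved address.

```python
import ipaddress
import re

# ACL table reconstructed from the post. The file-backed ACLs (permitidos.conf,
# bloqueados.conf, espias.conf, vip.conf, habituales.conf) are replaced by inline
# sample entries: the domains and MAC addresses below are constructed for the
# example and are not from the post.
ACLS = {
    "wifi":      ("src", ["10.34.12.48/28"]),
    "wifi2":     ("src", ["10.34.13.48/28"]),
    "lan":       ("src", ["192.168.0.0/16"]),
    "landstar":  ("dst", ["192.168.0.0/16"]),
    "RedLibre":  ("dst", ["10.0.0.0/8"]),
    "internet":  ("dst", ["0.0.0.0/0"]),
    "allowed":   ("dstdomain", [".allowed.example"]),
    "blocked":   ("dstdomain", [".blocked.example"]),
    "spies":     ("dstdomain", [".spyware.example"]),
    "vip":       ("arp", ["00:11:22:33:44:55"]),
    "usual":     ("arp", ["00:11:22:33:44:66"]),
    "messenger": ("req_mime_type", [r"^application/x-msn-messenger$"]),
}

# The http_access lines from the post, in the same order.
HTTP_ACCESS = [
    ("deny",  ["landstar"]),
    ("deny",  ["spies"]),
    ("allow", ["wifi", "allowed"]),
    ("allow", ["wifi", "RedLibre"]),
    ("allow", ["wifi2", "allowed"]),
    ("allow", ["wifi2", "RedLibre"]),
    ("deny",  ["messenger", "blocked"]),
    ("allow", ["messenger", "internet"]),
    ("deny",  ["usual", "blocked"]),
    ("allow", ["usual", "internet"]),
    ("allow", ["vip", "internet"]),
    ("allow", ["lan", "internet"]),
    ("deny",  ["internet"]),
]


def acl_matches(name, req):
    """Does ACL `name` match the request? `req` carries the resolved destination
    address in dst_ip, because Squid resolves the URL host before testing dst."""
    kind, values = ACLS[name]
    if kind in ("src", "dst"):
        addr = ipaddress.ip_address(req["src"] if kind == "src" else req["dst_ip"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        # ".x.example" matches x.example and every subdomain; a bare name matches exactly
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if kind == "arp":
        return (req.get("mac") or "").lower() in [v.lower() for v in values]
    if kind == "req_mime_type":
        # -i: case-insensitive regex over the client-supplied Content-Type header
        return any(re.search(v, req.get("content_type", ""), re.IGNORECASE) for v in values)
    raise ValueError(kind)


def http_access(req):
    """Squid semantics: the ACLs on one line are ANDed, lines are tested in order,
    and the first line whose ACLs all match decides."""
    for action, names in HTTP_ACCESS:
        if all(acl_matches(n, req) for n in names):
            return action
    # No line matched: Squid then applies the opposite of the last line's action.
    return "allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"


def request(src, host, dst_ip, mac=None, content_type=""):
    return {"src": src, "host": host, "dst_ip": dst_ip, "mac": mac, "content_type": content_type}


# Constructed sample requests (documentation addresses, made-up hosts and MACs).
CASES = {
    "wifi client -> allowed domain":      request("10.34.12.50", "www.allowed.example", "198.51.100.10"),
    "wifi client -> any other site":      request("10.34.12.50", "www.example.com", "203.0.113.5"),
    "usual MAC -> blocked domain":        request("10.34.12.50", "ads.blocked.example", "203.0.113.7", mac="00:11:22:33:44:66"),
    "usual MAC -> any other site":        request("10.34.12.50", "www.example.com", "203.0.113.5", mac="00:11:22:33:44:66"),
    "vip MAC -> spyware domain":          request("10.34.12.50", "x.spyware.example", "203.0.113.9", mac="00:11:22:33:44:55"),
    "unknown MAC, MSN Content-Type":      request("10.34.12.50", "www.example.com", "203.0.113.5", content_type="application/x-msn-messenger"),
    "LAN client -> host on the home LAN": request("192.168.1.10", "nas.home", "192.168.1.20"),
}


def decisions():
    return {label: http_access(req) for label, req in CASES.items()}


if __name__ == "__main__":
    for label, verdict in decisions().items():
        print(f"{verdict:5s}  {label}")
```

The two cases to look at are "vip MAC -> spyware domain", which is denied even though vip has "full access", because the deny spies line sits above it, and "unknown MAC, MSN Content-Type", which is allowed out to the internet from an address that matches no arp ACL at all, purely on the strength of a header the client chose to send.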
Real example of bandwidth control with delay pools. Four delay pools, three of class 1 and one of class 2. A request goes into the first pool whose delay_access line matches it, and each delay_parameters pair is restore/max: the bucket refills at "restore" bytes per second and never holds more than "max" bytes, so "max" is the burst.
delay_pools 4
delay_class 1 1
delay_class 2 1
delay_class 3 2
delay_class 4 1
delay_access 1 allow lan - the local network goes into pool 1
delay_access 2 allow allowed - allowed domains, pool 2
delay_access 3 allow RedLibre - RedLibre, pool 3
delay_access 3 allow usual - regular users, pool 3
delay_access 3 allow vip - trusted users, pool 3
delay_access 4 allow all - anything not matched above, pool 4
delay_parameters 1 -1/-1 - pool 1, unlimited
delay_parameters 2 30720/15360 - pool 2, 30 KB/s with bursts of up to 15 KB
delay_parameters 3 122880/61440 61440/30720 - pool 3 (class 2), 120 KB/s with bursts of up to 60 KB shared by everyone in this pool, with a per-client limit of 60 KB/s and bursts of 30 KB
delay_parameters 4 5120/5120 - pool 4, 5 KB/s with bursts of 5 KB, only there to cover configuration errors so that nothing escapes unlimited
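To make the restore/max pairs concrete, here is an added example (it is not from the post and it is not Squid's scheduler): a simplified token-bucket model of these pools. It assumes buckets start full, every client downloads as fast as it is allowed on every tick, and the aggregate bucket of the class 2 pool is shared fairly when it cannot satisfy everyone; those assumptions are the example's, not Squid's documented behaviour, and the unlimited -1/-1 pool is not modelled.

```python
# Pools from the post as (restore bytes/s, bucket max bytes). A class 2 pool has
# an aggregate bucket plus one bucket per client address.
POOLS = {
    2: {"agg": (30720, 15360)},                           # class 1: allowed domains
    3: {"agg": (122880, 61440), "ind": (61440, 30720)},   # class 2: RedLibre, usual, vip
    4: {"agg": (5120, 5120)},                             # class 1: catch-all
}


def simulate(pool, clients, seconds, ticks_per_sec=10):
    """Simplified token-bucket model of one delay pool (constructed for this example).
    Assumptions: buckets start full, every client asks for as much as it can get on
    every tick, and a scarce aggregate is shared fairly. Returns bytes per client.
    The -1 (unlimited) setting is not modelled."""
    agg_restore, agg_max = pool["agg"]
    ind_params = pool.get("ind")            # None for a class 1 pool
    agg = agg_max
    ind = [ind_params[1]] * clients if ind_params else None
    got = [0] * clients
    for _ in range(seconds * ticks_per_sec):
        # refill: each bucket gains restore/ticks_per_sec bytes, capped at its max
        agg = min(agg_max, agg + agg_restore // ticks_per_sec)
        if ind is not None:
            ind = [min(ind_params[1], b + ind_params[0] // ticks_per_sec) for b in ind]
        # a client can take at most its own bucket (class 2) or the aggregate (class 1)
        demand = ind if ind is not None else [agg] * clients
        # water-filling: smallest demands first, the rest share what is left equally
        remaining = agg
        for k, i in enumerate(sorted(range(clients), key=lambda c: demand[c])):
            take = min(demand[i], remaining // (clients - k))
            got[i] += take
            remaining -= take
            if ind is not None:
                ind[i] -= take
        agg = remaining
    return got


def kbytes_per_sec(got, seconds):
    return [g / 1024 / seconds for g in got]


if __name__ == "__main__":
    for n in (1, 3):
        got = simulate(POOLS[3], n, 10)
        print(f"pool 3, {n} client(s), 10 s: {kbytes_per_sec(got, 10)} KB/s each, "
              f"{sum(got) / 1024 / 10:.1f} KB/s total")
    print("pool 2, 1 client, 10 s:", kbytes_per_sec(simulate(POOLS[2], 1, 10), 10), "KB/s")
    print("pool 4, 1 client, 10 s:", kbytes_per_sec(simulate(POOLS[4], 1, 10), 10), "KB/s")
```

With one client in pool 3 the per-client bucket is the limit (about 60 KB/s after the initial 30 KB burst); with three clients they each settle at about 40 KB/s because the 120 KB/s aggregate is shared, which is exactly the "everyone together" versus "each one" split the two parameter pairs express. Pool 4 shows why it is only a safety net: 5 KB/s is enough to notice a misconfiguration, not to use.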
Auxiliary programs:
IR Redirector
Every X seconds, when a client makes a request it returns a default page rather than the one requested. I have it set to show a "Welcome to Valencia Wireless" page every 60 minutes. It is a very, very simple substitute for a captive portal.
Squid Graph
Lets you chart usage statistics for the proxy. It can be very useful, since it shows the hit percentage in the disk and memory cache, the total and average number of hits, and the total and average MBytes transferred and served from cache. And it paints a really cool graph.