[ previous ] [ next ] [ threads ]
 
 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "'Alex M'" <radiussupport at lrcommunications dot net>
 Cc:  "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Feature Needed: Passthrough for destanation domain name (CP)
 Date:  Sat, 12 Aug 2006 00:08:36 -0400
I just looked at the Index page of CP (the PHP) and I cant find the part
that is responsible for check for pass through IP) only MAC part :-(

Can some one point me where that part of script is?

Thanks!

-----Original Message-----
From: Alex M [mailto:radiussupport at lrcommunications dot net] 
Sent: Friday, August 11, 2006 11:57 PM
To: 'Paul Taylor'
Cc: Mono Dev List
Subject: RE: [m0n0wall-dev] Feature Needed: Passthrough for destanation
domain name (CP)

I like your idea, but I'm curious about one thing! If I currently adding the
IP as safe one and then typing the domain and it gets bliked this means that
DNS server is blocked and name cannot be resolved? Or is that the way code
is written? (I forgot how the code looks like)

If DNS is bloked, how can I unblock it? If that's a code then its probably
even esier! => 

if($HTTP_REQUEST==$safe_domain_array[i] ||$HTTP_REQUEST==$safe_ip_array[i]){
    allow();
}else{ 
    show_captivepage(); 
}



 


-----Original Message-----
From: Paul Taylor [mailto:ptaylor at addressplus dot net] 
Sent: Friday, August 11, 2006 11:45 PM
To: Sven Brill
Cc: Alex M; Mono Dev List
Subject: Re: [m0n0wall-dev] Feature Needed: Passthrough for destanation
domain name (CP)


Wouldn't it be simpler to do DNS lookups on all the "allowed" sites  
just to get a list of a single IP per site that works, then configure  
DNS to have those entries in as static, then just configure those IPs  
as allowed?

On Aug 11, 2006, at 11:35 PM, Sven Brill wrote:

> Alex M wrote:
>> Also, set my company's IP (that's for sure has only one IP) and  
>> when I typed
>> the name it didn't allow to go through. There is a definet need to  
>> add
>> Domain Pass-through!
>>
>>
>>
>>
> Do you use m0n0 as your DNS forwarder? You probably couldn't get  
> through to the web site because the unauthenticated client was not  
> allowed to contact the DNS server, but that's just a guess.
>
> Adding the feature you describe is probably not as easy as it  
> sounds. the packet filter does not do DNS lookups, so you would  
> have to expand the code so that ANY request from an unauthenticated  
> client first gets checked against the allowed hostnames, THEN the  
> firewall would have to resolve the hostname and dynamically set a  
> rule to allow the result of the DNS lookup, since IPs change  
> (dynamic, round robin, you name it). After that, for security  
> reasons, the dynamically generated rule would probably have to be  
> deleted, so that a future DNS change does not allow the wrong  
> traffic out and the ruleset grows too much. Not a cut-and-dry thing.
>
> Sven
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
>


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch