 
 From:  Paul Taylor <ptaylor at addressplus dot net>
 To:  "Alex M" <radiussupport at lrcommunications dot net>
 Cc:  "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] Feature Needed: Passthrough for destanation domain name (CP)
 Date:  Sat, 12 Aug 2006 12:08:31 -0400
I think the IPs that are allowed are loaded in before hitting the  
index page as part of the rules.

On Aug 12, 2006, at 12:08 AM, Alex M wrote:

> I just looked at the Index page of CP (the PHP) and I can't find the part
> that is responsible for checking for pass-through IP, only the MAC part :-(
>
> Can someone point me to where that part of the script is?
>
> Thanks!
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Friday, August 11, 2006 11:57 PM
> To: 'Paul Taylor'
> Cc: Mono Dev List
> Subject: RE: [m0n0wall-dev] Feature Needed: Passthrough for  
> destanation
> domain name (CP)
>
> I like your idea, but I'm curious about one thing! If I'm currently adding the
> IP as a safe one and then typing the domain and it gets blocked, does this mean
> that the DNS server is blocked and the name cannot be resolved? Or is that the
> way the code is written? (I forgot what the code looks like)
>
> If DNS is blocked, how can I unblock it? If that's the code then it's probably
> even easier! =>
>
> // Sketch: let the request through if it matches a safe domain or a safe IP
> if (in_array($HTTP_REQUEST, $safe_domain_array) || in_array($HTTP_REQUEST, $safe_ip_array)) {
>     allow();
> } else {
>     show_captivepage();
> }
>
>
> -----Original Message-----
> From: Paul Taylor [mailto:ptaylor at addressplus dot net]
> Sent: Friday, August 11, 2006 11:45 PM
> To: Sven Brill
> Cc: Alex M; Mono Dev List
> Subject: Re: [m0n0wall-dev] Feature Needed: Passthrough for  
> destanation
> domain name (CP)
>
>
> Wouldn't it be simpler to do DNS lookups on all the "allowed" sites
> just to get a list of a single IP per site that works, then configure
> DNS to have those entries in as static, then just configure those IPs
> as allowed?
>
> On Aug 11, 2006, at 11:35 PM, Sven Brill wrote:
>
>> Alex M wrote:
>>> Also, set my company's IP (that for sure has only one IP) and when I typed
>>> the name it didn't allow it to go through. There is a definite need to add
>>> Domain Pass-through!
>>>
>> Do you use m0n0 as your DNS forwarder? You probably couldn't get
>> through to the web site because the unauthenticated client was not
>> allowed to contact the DNS server, but that's just a guess.
>>
>> Adding the feature you describe is probably not as easy as it
>> sounds. The packet filter does not do DNS lookups, so you would
>> have to expand the code so that ANY request from an unauthenticated
>> client first gets checked against the allowed hostnames, THEN the
>> firewall would have to resolve the hostname and dynamically set a
>> rule to allow the result of the DNS lookup, since IPs change
>> (dynamic, round robin, you name it). After that, for security
>> reasons, the dynamically generated rule would probably have to be
>> deleted, so that a future DNS change does not allow the wrong
>> traffic out and the ruleset grows too much. Not a cut-and-dry thing.
>>
>> Sven
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
>>
>
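
Added example, not part of the original thread and not m0n0wall code: a small Python model of the two ideas discussed above, pinning one IP per allowed site as both the static DNS entry and the allowed IP, and checking for pins that a later DNS change has made stale. The hostnames, addresses and function names are constructed for illustration; real DNS lookups are replaced by an inline table so it runs offline.

```python
# Added example: constructed data and hypothetical names; not m0n0wall code.
import ipaddress

# Constructed DNS answers (documentation address ranges), as a round-robin
# resolver might return them for each allowed site.
ANSWERS = {
    "portal.example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
    "pay.example.net": ["198.51.100.7"],
}

def build_pins(allowed_sites, answers):
    """Pick one IP per allowed site; the pin serves as both the static DNS
    entry and the captive portal allowed IP."""
    pins = {}
    for site in allowed_sites:
        ips = sorted(answers.get(site, []), key=ipaddress.ip_address)
        if not ips:
            raise LookupError(f"no address for {site}")
        pins[site] = ips[0]  # deterministic choice: lowest address
    return pins

def client_passes(site, pins, answers, pinned_dns, rr_index=0):
    """Would an unauthenticated client's connection to `site` be allowed?
    With pinned_dns the client receives the static entry; otherwise it gets
    whichever round-robin answer comes up (rr_index)."""
    allowed_ips = set(pins.values())
    if pinned_dns:
        dest = pins[site]
    else:
        dest = answers[site][rr_index % len(answers[site])]
    return dest in allowed_ips

def stale_pins(pins, current_answers):
    """Sites whose pinned IP is no longer among the current answers; these
    allowed-IP entries should be re-resolved or removed."""
    return sorted(s for s, ip in pins.items()
                  if ip not in current_answers.get(s, []))

if __name__ == "__main__":
    pins = build_pins(ANSWERS, ANSWERS)
    print("pins:", pins)
    print("unpinned DNS:", [client_passes("portal.example.com", pins, ANSWERS, False, i)
                            for i in range(3)])
    print("pinned DNS:", client_passes("portal.example.com", pins, ANSWERS, True))
    print("stale:", stale_pins(pins, {**ANSWERS, "pay.example.net": ["198.51.100.99"]}))
```
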