 From:  "David Burgess" <apt dot get at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking ALL outbound traffic
 Date:  Mon, 13 Oct 2008 00:48:20 -0600
On Sun, Oct 12, 2008 at 5:00 PM, Manny A. Wise <mannywise at gmail dot com> wrote:

> Hello everyone,
>
> I am new to this mailing list, I will appreciate your help....thanks in
> advance..!!!
> We have the main office in Tampa, Florida running ClarkConnect 4.1
> Enterprise..
> We have a remote office in Dominican Republic running m0n0wall latest
> version...
> We would like to block ALL the traffic in the remote office to the
> internet...
> We will create a VPN to the main office using IPsec.
> We would like to force all the traffic in the remote office to go to our main
> office and from there out to the internet.
>
> I have been told that creating the VPN is not a problem, but blocking all the
> traffic to the internet is impossible...
>
> Is this true?????



Not true. I haven't done it, so somebody will correct me if I'm wrong, but I
believe it's fairly simple once you have your VPN working.

You will need 2 firewall rules on your remote office m0n0wall WAN interface.
The first rule allows outgoing connections to the IP address of the main
office. The second rule blocks all outgoing connections on the WAN. If your
m0n0wall requires DNS to set up the VPN then you may need to add an allow
rule before the default deny rule on the WAN to permit DNS queries.

Add firewall rules on the IPsec interface to control traffic through the VPN
tunnel.

Did I miss anything? It's getting late here.
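
A small model of the rule order described in the message above, added here as an example; it is not part of the original post and is not m0n0wall configuration. It assumes first-match rule evaluation, and the addresses (documentation ranges), the restriction of DNS to a single resolver, and the names `Rule`, `evaluate` and `audit` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (documentation ranges), not from the thread.
MAIN_OFFICE = "203.0.113.10"   # public IP of the main-office VPN endpoint
DNS_SERVER = "198.51.100.53"   # resolver used only to bring the tunnel up


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    dst: str = "0.0.0.0/0"        # destination network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, dst, proto, dport):
        return (ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


def evaluate(rules, dst, proto, dport=None):
    """Assumed first-match semantics: the first matching rule decides."""
    for rule in rules:
        if rule.matches(dst, proto, dport):
            return rule.action
    return "block"  # nothing matched: deny


# Order as described: allow the VPN peer, allow DNS if needed, block the rest.
RULES = [
    Rule("pass", MAIN_OFFICE + "/32"),
    Rule("pass", DNS_SERVER + "/32", "udp", 53),
    Rule("block"),
]


def audit(rules):
    """Run constructed probe packets through the rule list."""
    probes = {
        "ike": (MAIN_OFFICE, "udp", 500),       # IPsec key exchange
        "esp": (MAIN_OFFICE, "esp", None),      # IPsec payload
        "dns": (DNS_SERVER, "udp", 53),
        "web": ("192.0.2.80", "tcp", 443),      # direct internet access
        "other_dns": ("192.0.2.53", "udp", 53), # DNS to an unlisted server
    }
    return {name: evaluate(rules, *probe) for name, probe in probes.items()}


if __name__ == "__main__":
    print(audit(RULES))
```

Moving the block rule to the top of the list makes every probe, including the tunnel's own IKE and ESP traffic, come back as `block`, which is why the allow rules must sit before the deny rule.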