> So you will enable dhcp on the m0n0wall and assign a static
> IP to this specific mac address.
>
> > The rest of the IP addresses (DHCP) he wants to allow only to go to
> > two or three very specific URLs to upload business-related data but
> > nothing else.

Be warned of course that the moment anyone tech-savvy connects to the network and knows the IP address of the machine with unrestricted access, they can simply force their machine to use that IP, bypassing DHCP entirely. This is especially true if the "real" unrestricted machine is not always powered up and using its IP.

> You need to know the ip-Addresses/Ranges of these web servers...
>
> > Is this possible? Can I give a range of IP addresses to m0n0 to only
> > allow certain access while allowing the static pool to go anywhere
> > they'd like?
>
> Yes. You might have to add multiple rules for any
> ip-address/range of the httpd. Have a look at the firewall
> rules screenshots http://m0n0.ch/wall/screenshots.php

Again, be warned that while web addresses might remain constant, the IPs behind them might change regularly, especially if the sites in question are busy ones using a forward-proxying arrangement to distribute load to a number of "real" webservers. In this case you'd have to work out the IPs for all of them - could be a time consuming process, and add each of them manually.

I'll be the first to admit it's none of my business, but I'd really hate to work at a place that wanted to lock down employees' internet usage in this way. Seems to me firewalls these days are being used as much for controlling the people behind them as for preventing unauthorized packets coming in... but that's a separate discussion ;-)

Regards,

Chris

--
C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715 Mobile: (07811) 332969
ICQ: 13350579 AIM: MinotaurUK
MSN: minotauruk at hotmail dot com Y!: Minotaur_Chris
This email is made from 100% recycled electrons
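An added example, not part of the original message: one way to keep hand-entered allow rules in step with the addresses the permitted sites actually resolve to, which is the maintenance problem described in the reply above. The function names, hostnames and addresses are hypothetical and constructed (documentation ranges), and the demo uses an offline stand-in for DNS.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Live lookup: IPv4 addresses the system resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def allowlist_drift(hostnames, allowed, resolver=resolve_ipv4, rounds=3):
    """Return (missing, stale) for hand-maintained allow rules.

    missing: hostname -> resolved addresses that no rule entry covers.
    stale:   rule entries that no resolved address fell into.
    """
    networks = [ipaddress.ip_network(e, strict=False) for e in allowed]
    matched, missing = set(), {}
    for host in hostnames:
        seen = set()
        for _ in range(rounds):  # load-balanced names can rotate their answers
            seen |= {ipaddress.ip_address(a) for a in resolver(host)}
        uncovered = []
        for addr in sorted(seen):
            hits = [n for n in networks if addr in n]
            matched.update(hits)
            if not hits:
                uncovered.append(str(addr))
        if uncovered:
            missing[host] = uncovered
    stale = [str(n) for n in networks if n not in matched]
    return missing, stale


def constructed_resolver():
    """Offline stand-in for DNS; names and addresses are constructed samples."""
    pools = {"upload.example.com": ["192.0.2.10", "192.0.2.11", "203.0.113.5"],
             "reports.example.net": ["198.51.100.7"]}
    calls = {}

    def resolve(host):
        calls[host] = calls.get(host, 0) + 1
        pool = pools[host]
        return {pool[(calls[host] - 1) % len(pool)]}
    return resolve


if __name__ == "__main__":
    rules = ["192.0.2.10", "192.0.2.11", "198.51.100.0/28", "203.0.113.99"]
    hosts = ["upload.example.com", "reports.example.net"]
    print(allowlist_drift(hosts, rules, resolver=constructed_resolver()))
```

With the default resolver the lookups are live, so run it from a host that uses the same DNS servers as the restricted clients; a single run only sees the addresses handed out during its own queries.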