| Author |
Message |
sma11y
Guest
|
 Posted:
Fri Jan 14, 2005 6:33 am Post subject:
Block internet access on some PC's but allow on others with |
|
|
Hi All
I have the firewall setup on a DSL-500 router which is set to block
everything except certain ports (eg. 80). The firewall is set to 'block
if rule does not match' so all the rules are 'allow' rules for each
port I want to let through.
I want to allow www access for all but a few PC's on the network, which
means blocking port 80 for specific IP addresses.
Sounds easy, but creating a 'block' rule in the firewall for a single
PC would contradict the 'allow' rule for all the others (I tried this
and it doesn't work). I can't create allow rules for each PC as there
are too many.
Does anyone have any ideas, firewall settings or otherwise, on how I
can acheive this. I have considered a software firewall on the PC's I
want to block, but I'm hoping for something a little easier to
administer, and something that the users can't fiddle with.
Thanks |
|
| Back to top |
|
 |
Computer Doctor
Guest
|
| Posted:
Fri Jan 14, 2005 9:50 am Post subject:
Re: Block internet access on some PC's but allow on others w |
|
|
sma11y wrote:
| Quote: | Hi All
I have the firewall setup on a DSL-500 router which is set to block
everything except certain ports (eg. 80). The firewall is set to 'block
if rule does not match' so all the rules are 'allow' rules for each
port I want to let through.
I want to allow www access for all but a few PC's on the network, which
means blocking port 80 for specific IP addresses.
Sounds easy, but creating a 'block' rule in the firewall for a single
PC would contradict the 'allow' rule for all the others (I tried this
and it doesn't work). I can't create allow rules for each PC as there
are too many.
Does anyone have any ideas, firewall settings or otherwise, on how I
can acheive this. I have considered a software firewall on the PC's I
want to block, but I'm hoping for something a little easier to
administer, and something that the users can't fiddle with.
Thanks
|
Take an old pc and recycle it using linux. There are various ways to create
complex routing and firewalling using nothing more than a floppy based
distribution of linux on a cast-away pc. It would be the cheapest,
easiest, most robust and effective way to route/firewall a network.
Trent M. Gunnarson |
|
| Back to top |
|
|
Justins local account
Guest
|
| Posted:
Fri Jan 14, 2005 2:45 pm Post subject:
Re: Block internet access on some PC's but allow on others w |
|
|
"sma11y" <sma11y@iinet.net.au> writes:
| Quote: | Hi All
I want to allow www access for all but a few PC's on the network, which
means blocking port 80 for specific IP addresses.
Sounds easy, but creating a 'block' rule in the firewall for a single
PC would contradict the 'allow' rule for all the others (I tried this
and it doesn't work). I can't create allow rules for each PC as there
are too many.
Does anyone have any ideas,
|
Sometimes the order of rules is significant - try the "block this PC"
rule before the allow port 80
--
Justin Murdock |
|
| Back to top |
|
|
sma11y
Guest
|
| Posted:
Mon Jan 17, 2005 2:21 am Post subject:
Re: Block internet access on some PC's but allow on others w |
|
|
I've tried shifting the order of the rules around but if the 'block'
rule appears before the 'allow all' rule access is blocked for all PC's
which seems a little weird to me. Firmware is latest version so not
sure what is happening there. |
|
| Back to top |
|
|
sma11y
Guest
|
| Posted:
Mon Jan 17, 2005 2:23 am Post subject:
Re: Block internet access on some PC's but allow on others w |
|
|
Trent,
What do you suggest in the way of firewalls. A simple IPTables setup or
a more advanced GUI style... |
|
| Back to top |
|
|
Justins local account
Guest
|
| Posted:
Mon Jan 17, 2005 3:27 pm Post subject:
Re: Block internet access on some PC's but allow on others w |
|
|
"sma11y" <sma11y@iinet.net.au> writes:
| Quote: | I've tried shifting the order of the rules around but if the 'block'
rule appears before the 'allow all' rule access is blocked for all PC's
which seems a little weird to me. Firmware is latest version so not
sure what is happening there.
|
Sounds like either you are making a silly mistake when configuring the
device, or the current firmware is useless. Probably the next step is
to contact the manufacturer - there may be a "tech report" function
that lets them see exactly how you've set the firewall up.
--
Justin Murdock |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in