    RE: Configuration Suggestions

      bmarshallbri last edited by

      Hi All,

      We have installed a pfSense firewall at a client's production plant so we can do some connection limiting for some of their workstations. They have a few machines that are used as clients to a hosted application service provided by an offsite vendor. They keep having problems with employees at the plant using those machines for internet browsing and emailing, and consequently those machines are dropping like flies due to god knows what the plant employees are looking at (too much info, I know).

      I know this seems like a dumb question, but what would be the best way to go about blocking the access of those machines so they can only access the domains/IPs and ports necessary for the client to connect to its services?

      Thanks

      –b

        cybrsrfr last edited by

        One easy option is to set up your DNS to point to opendns.com. Then sign up with an account, define your IP addresses, and turn on filtering for the categories desired. To completely secure it, block DNS for everything other than OpenDNS. If you have a dynamic IP, then use DNS-O-Matic to update the IP for OpenDNS.

        You can also use the DNS forwarder to override a few domains that you want to block and assign them a localhost IP address such as 127.0.0.1, effectively blocking the domains of your choice.

          bmarshallbri last edited by

          Thanks mcrane.

          Is there any way to set up firewall rules to block network access to the WAN except for specific IPs? I tried setting up some block rules but they still seem to let traffic pass through.

          For example, I created a DHCP assignment to the MAC address of the machine in question so I can ensure it's always on the same LAN IP and then tried setting up a block rule to deny that host access to any outside IP. It did not work. Granted, I probably did not set it up right.

          I like the DNS solution for a more network wide application. In the case we are only trying to block other 2 machines.

          Any further advice would be greatly appreciated.

          Thanks

            cybrsrfr last edited by

            You could assign captive portal to the LAN. Then you can control access from the WAN by MAC address, IP address, and/or giving out user accounts that allow people through captive portal.

            You probably can do this with firewall rules too but captive portal is easy and flexible and will work.

            Best Regards,

            Mark

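The thread leaves the firewall-rule approach open. As an added example (not part of any post above), this Python model of top-down, first-match rule evaluation, which is how pfSense processes the rules on an interface, shows an allowlist for one host pinned by a static DHCP mapping, and how a block rule placed below a broad allow rule never matches. All addresses, ports and rule sets are constructed for illustration; the thread does not say how the poster's rules were ordered.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # None matches any destination port

def evaluate(rules, src, dst, port):
    """Return (action, rule_index) of the first matching rule, top-down.
    Traffic that matches no rule is dropped (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, i
    return "block", None

# Constructed sample values (assumptions, not taken from the thread).
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"
KIOSK = "192.168.1.50/32"     # host pinned by static DHCP mapping
FIREWALL = "192.168.1.1/32"   # LAN address serving DNS to clients
VENDOR = "203.0.113.10/32"    # hosted application service

# Block rule sits below the broad allow rule, so it is never reached.
MISORDERED = [
    Rule("pass", LAN, ANY),
    Rule("block", KIOSK, ANY),
]

# Specific passes first, then the host-wide block, then the general rule.
ALLOWLIST = [
    Rule("pass", KIOSK, VENDOR, 443),   # the one service the host needs
    Rule("pass", KIOSK, FIREWALL, 53),  # DNS, so vendor names resolve
    Rule("block", KIOSK, ANY),          # everything else from this host
    Rule("pass", LAN, ANY),             # other LAN hosts are unaffected
]

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("allowlist", ALLOWLIST)):
        for dst, port in (("203.0.113.10", 443), ("198.51.100.7", 80)):
            print(name, dst, port, evaluate(rules, "192.168.1.50", dst, port))
```

The model ignores protocol and direction; on the firewall itself the same ordering applies to the rules on the LAN interface tab.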