How to allow Internet only for one Device and allow only one website for all the others ?
-
How to allow normal internet traffic only for one device on the LAN interface, and deny all internet websites except one for every other device?
-
Just add an allow rule for ports 80/443 for any destination for that one device's IP. An allow rule for all LAN subnet source with destination just the site you want to allow and ports 80/443. And a block rule for ports 80/443 below that.
I imagine though it's probably more complex than that...
Steve
-
Can it be done here, yes, however, typically solutions at the firewall level involve manual processes like stephenw10 described plus DNS lookups, chasing down IP ranges, etc. and are management nightmares. You could configure Squid/Squidguard, but personally, I've never liked that route either.
One crude way of doing what you're asking is to statically set the IP and DNS for the one workstation you want to have full access... and have DHCP hand out OpenDNS to everyone else where their queries will be filtered.
A more effective way of accomplishing your goal is to implement a UTM.
-
@stephenw10 Good morning, thank you for replying. I'm trying to do it but I don't understand if it is possible. The domain name is the FQDN of a Lambda function, and it changes its public IP sometimes; the IP is not static. How can I set an alias for this domain name?
-
By using the Firewall => Aliases => URLs - add a URL like
where "some-domaine-for-me.tld" is your domain.
What is a "Lambda function" ?
Edit: With Diagnostics > Tables you can check your alias and see that it will get resolved (regularly, every 5 minutes or so) so your alias will always point to the right IP.
-
@Gertjan
I don't understand the meaning of alias, because if I put some URL like google.com or some random URL it gives me this error = A valid URL must be provided. Could not fetch usable data from 'google.it'.
-
@Mago said in How to allow Internet only for one Device and allow only one website for all the others ?:
google.com
Wrong example.
Google, Facebook, twitter, cnn, and other huge companies are special.
Google by itself has thousands of different IPs - because they have that many servers. Probably more. The fact is: still these days, people don't know that, and use "youtube.com" as an alias to try to block it. And discover that it won't work.
Every time you try to resolve google.com another answer can be possible. The auto-resolve utility that runs in the background to resolve the FQDNs in the Aliases is neither designed for nor capable of handling these kinds of URLs. You'll be needing pfBlockNG-devel if you want to (try to) block URLs like these.
An alias for your own domain name will work fine.
-
@Gertjan
The domain that I want to put in the alias is a Lambda link. Lambda is a service provided by AWS cloud; it is an endpoint like https://somevarcharblablabla.amazonaws.com
Anyway, if I put another domain that I have inside my network here, it gives me the same error:
"A valid URL must be provided. Could not fetch usable data from https://somedomain.com"
I don't understand. The thing that I want to do is to allow only one specific website for the hosts connected to the LAN network.
I don't want to block the website but I want to allow only that.
-
@Mago said in How to allow Internet only for one Device and allow only one website for all the others ?:
https://somedomain.com
is not a FQDN.
A FQDN is something like somevarcharblablabla.amazonaws.com - when resolved, it should return an IPv4 and/or IPv6.
The https:// part is what browsers use so they know that port "443" is implied, and that what comes back is some 'web server' answer.
-
@Gertjan
I tried to put only somevarcharblablabla.amazonaws.com
but I always get the same error = Could not fetch the URL "somevarcharblablabla.amazonaws.com"
Anyway, if I ping somevarcharblablabla.amazonaws.com
it replies with an IP address.
-
We will probably need a screenshot of exactly how you are adding that alias. It should work with a real FQDN.
That has to resolve to only one IP though (it can change longer term) to be useful. If it can resolve to numerous IPs you will need some other way to filter that traffic such as by DNS.
Steve
-
Ah, the alias type should not be URL, that is for retrieving a list of IPs. The alias type should be hosts.
Steve
-
You're right.
Test :
which is correct.
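
The rule order stephenw10 describes in the first reply, combined with the Hosts alias the thread settles on, modelled as an added example (not code from any poster or from pfSense). All addresses are constructed, and top-down first-match evaluation with an implicit drop for unmatched traffic is assumed, as on pfSense interface rules.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); none come from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
FULL_ACCESS_HOST = ipaddress.ip_address("192.168.1.10")
WEB_PORTS = {80, 443}


def build_rules(alias_ips):
    """Return the three LAN rules, top-down. alias_ips is the set of addresses
    the Hosts alias currently holds (its table is refreshed periodically)."""
    allowed = {ipaddress.ip_address(ip) for ip in alias_ips}
    return [
        ("pass", lambda s, d, p: s == FULL_ACCESS_HOST and p in WEB_PORTS),
        ("pass", lambda s, d, p: s in LAN_NET and d in allowed and p in WEB_PORTS),
        ("block", lambda s, d, p: s in LAN_NET and p in WEB_PORTS),
    ]


def evaluate(rules, src, dst, port):
    """First matching rule decides; traffic matching no rule is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, match in rules:
        if match(s, d, port):
            return action
    return "block"


def demo():
    """Walk through the cases that matter: normal operation, an alias that has
    not caught up with a changed IP, and the block rule placed too high."""
    rules = build_rules({"203.0.113.5"})           # alias table before the IP changes
    results = {
        "full_access_any_site": evaluate(rules, "192.168.1.10", "198.51.100.9", 443),
        "other_allowed_site": evaluate(rules, "192.168.1.50", "203.0.113.5", 443),
        "other_any_site": evaluate(rules, "192.168.1.50", "198.51.100.9", 80),
        # The site moved to 203.0.113.77 but the table still holds the old address.
        "stale_alias": evaluate(rules, "192.168.1.50", "203.0.113.77", 443),
    }
    refreshed = build_rules({"203.0.113.77"})      # after the alias re-resolves
    results["refreshed_alias"] = evaluate(refreshed, "192.168.1.50", "203.0.113.77", 443)
    misordered = [rules[2], rules[0], rules[1]]    # block rule moved to the top
    results["misordered"] = evaluate(misordered, "192.168.1.10", "198.51.100.9", 443)
    return results


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:22} {action}")
```

The `stale_alias` case is the window between an IP change and the next alias refresh, and `misordered` shows why the block rule has to sit below both allow rules.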