• Hi all. Perhaps this is not the correct way to do this, so sorry.

    I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

    So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

    Great job!! Many thanks!!


  • Nothing to say??'

    god/bad idea???  ??? :'(


  • You have to take into consideration that opening a port allows the unauthorized users to use services such as proxies and VPNs to bypass your restrictions easily.


  • @kolomalo:

    Hi all. Perhaps this is not the correct way to do this, so sorry.

    I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

    So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

    Great job!! Many thanks!!

    I think if you just need block web surfing, I have new choice for your consider.
    let you see squid+squidGuard package, it can handle for block and bypass the website by user password and you also can specific the ip group. it easy over than CP.  ;D


  • @kolomalo:

    So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

    I think you can put your server in allowed hostnames or ipaddress, then you can block with firewall rules the ports you want (ex: "all but not smtp") from wifi interface.


  • @zcache:

    @kolomalo:

    Hi all. Perhaps this is not the correct way to do this, so sorry.

    I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

    So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

    Great job!! Many thanks!!

    I think if you just need block web surfing, I have new choice for your consider.
    let you see squid+squidGuard package, it can handle for block and bypass the website by user password and you also can specific the ip group. it easy over than CP.   ;D

    mmmmm yeah,, Now, I'm thinking that use CP to block only web surfing is not a good idea… But I didn't wanted to create too much rules...and Cp is too easy :D