Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Enhancements to CP

    Scheduled Pinned Locked Moved Captive Portal
    6 Posts 4 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kolomalo
      last edited by

      Hi all. Perhaps this is not the correct way to do this, so sorry.

      I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

      So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

      Great job!! Many thanks!!

      1 Reply Last reply Reply Quote 0
      • K
        kolomalo
        last edited by

        Nothing to say??'

        god/bad idea???  ??? :'(

        1 Reply Last reply Reply Quote 0
        • B
          bardelot
          last edited by

          You have to take into consideration that opening a port allows the unauthorized users to use services such as proxies and VPNs to bypass your restrictions easily.

          1 Reply Last reply Reply Quote 0
          • Z
            zcache
            last edited by

            @kolomalo:

            Hi all. Perhaps this is not the correct way to do this, so sorry.

            I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

            So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

            Great job!! Many thanks!!

            I think if you just need block web surfing, I have new choice for your consider.
            let you see squid+squidGuard package, it can handle for block and bypass the website by user password and you also can specific the ip group. it easy over than CP.  ;D

            PF-Sense 2.0.2
            Freelance IT Developer

            1 Reply Last reply Reply Quote 0
            • L
              lsense
              last edited by

              @kolomalo:

              So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

              I think you can put your server in allowed hostnames or ipaddress, then you can block with firewall rules the ports you want (ex: "all but not smtp") from wifi interface.

              1 Reply Last reply Reply Quote 0
              • K
                kolomalo
                last edited by

                @zcache:

                @kolomalo:

                Hi all. Perhaps this is not the correct way to do this, so sorry.

                I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

                So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports ;) )

                Great job!! Many thanks!!

                I think if you just need block web surfing, I have new choice for your consider.
                let you see squid+squidGuard package, it can handle for block and bypass the website by user password and you also can specific the ip group. it easy over than CP.   ;D

                mmmmm yeah,, Now, I'm thinking that use CP to block only web surfing is not a good idea… But I didn't wanted to create too much rules...and Cp is too easy :D

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.