Enter remotely restricted pc



  • OK, I have two businesses: 1. a hotel business and 2. a liquor business. If I added a Cat 5 cable to my front office PC, I would like to remotely see that PC from my business #2 from a laptop. But what I do want is to restrict people from being able to go on the internet. Nothing should be running, downloading, or playing anything on the front office PC except for the check-in program that I have. The only problem is I don’t know what kind of software would do this. If anyone knows a way of doing this, it would be appreciated.



  • First, make sure the users do not have admin priv on the front office PC - then they can't install stuff or change the network settings.
    Assumption: you are using DHCP on pfSense to give out IP addresses.
    Allocate a static-mapping in DHCP for the front office PC, so it gets a fixed IP address on the LAN.
    Add an alias for that static-mapped IP - e.g. FrontOfficePC (to make the rules easy to read).
    Add a rule on LAN blocking all traffic from FrontOfficePC to !LANsubnet (in fact, you should be able to block everything from FrontOfficePC - traffic from FrontOfficePC to your laptop etc won't even go through pfSense).
    If you are really concerned about front office access, then be aware that just giving them a cable means they can plug in their own device to the cable, get a different IP address and play… - but maybe they can do that already on the hotel WiFi.

    Edit: fixed brain-fart - rule should be on LAN, like stephen's comment


  • Netgate Administrator

    You may want to add some exceptions to that rule to allow the PC to get updates to whatever OS it's running.

    Steve



  • OK, thanks for the help. I will try and see what I can do.


  • Netgate Administrator

    @phil.davis:

    Add a rule on WAN blocking all traffic from FrontOfficePC to !LANsubnet

    Re-reading this, that rule should be on LAN. Unless there's something I'm not seeing.  ;)

    Steve
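
Added example (not part of any post in this thread, and not pfSense's own code): a small Python model of first-match rule evaluation on the LAN interface, covering the block rule, an update exception placed above it, same-subnet traffic, and the different-IP caveat. The addresses, the UpdateHosts alias and the rule labels are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not values from the thread).
LAN_NET = ip_network("192.168.1.0/24")
NETS = {
    "any": ip_network("0.0.0.0/0"),
    "LANsubnet": LAN_NET,
    "FrontOfficePC": ip_network("192.168.1.50/32"),  # DHCP static mapping + alias
    "UpdateHosts": ip_network("203.0.113.0/28"),     # hypothetical alias for OS updates
}

# LAN-interface rules, top to bottom: (action, source, negate_dst, destination, label)
LAN_RULES = [
    ("pass",  "FrontOfficePC", False, "UpdateHosts", "allow OS updates"),
    ("block", "FrontOfficePC", True,  "LANsubnet",   "FrontOfficePC to !LANsubnet"),
    ("pass",  "LANsubnet",     False, "any",         "default allow LAN to any"),
]

def evaluate(src, dst, rules=LAN_RULES):
    """Return (action, label) for a new connection from a LAN host.

    Simplification: traffic addressed to the firewall's own LAN IP is not modelled.
    """
    src, dst = ip_address(src), ip_address(dst)
    if dst in LAN_NET:
        # Same-subnet traffic is switched directly and never reaches the firewall.
        return ("switched", "stays on LAN, no firewall rule applies")
    for action, source, negate, dest, label in rules:
        dst_match = (dst in NETS[dest]) != negate
        if src in NETS[source] and dst_match:
            return (action, label)  # first matching rule wins
    return ("block", "implicit default deny")

if __name__ == "__main__":
    cases = [
        ("192.168.1.50", "198.51.100.7"),  # front office PC -> internet
        ("192.168.1.50", "203.0.113.5"),   # front office PC -> update host
        ("192.168.1.50", "192.168.1.20"),  # front office PC -> laptop on LAN
        ("192.168.1.77", "198.51.100.7"),  # other device plugged into the same cable
    ]
    for src, dst in cases:
        print(f"{src:>13} -> {dst:<13} {evaluate(src, dst)}")
```

The last case shows why the rule alone does not cover a different device on the same cable: its address is outside the alias, so it falls through to the default allow rule.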



  • Depending on the version of Windows (I'm assuming Windows since you didn't say) you can restrict what people can run.

