Results 1 to 7 of 7
  1. #1
    Untangler
    Join Date
    Oct 2007
    Posts
    72

    Default Web Filter by MAC Address - Christmas Wishlist

    Hello,

    What a great product... And more important, what a great product to build on.

    As we sink more and more into the world of mobility with wireless speeds getting faster, and data throughput higher, I now see this to be the age of wireless on a whole. Which brings me to my dilema... User transparancy.

    I admin a physician's office that has bestowed upon me the task of modernization. Although the office only has 6 employees, the eventual goal of the doctor is to create a model, capable of being replicated, to be sold as franchise to newbie doctors. So I've been given the task of making this office stat-of-the-art. First step; bring Untangle to the picture. Next, install software that not only does patient scheduling, but also hosts a complete electronic chart of the paitiant including their photograph, x-rays, cultures and tests; so that when the doctor walks in, she uses her tablet-pc to chart and discuss everything with a patient right there in the room - prior to N-Class wireless this much data could not be uploaded fast enough.

    The doctor takes the same tablet PC home, to the hospital, on the road (Cellular Wireless), and back to the office... Each time having the need to join a different subnet. This is why we have been blessed with DHCP. HOWEVER, right now, I have IP addresses dot 1 - 10 statically reserved for workstations, and dot 11-49 on DHCP.

    But here's the problem... When the doctor comes back to the office and gets a new IP address, she falls out of the scope of the pass list of clients. This means that I have to (because I don't know how to use /xx to get a range of IPs) manually enter the entire DHCP pool is on the pass list.

    If one could put THAT Tablet-PC's MAC address on the pass list, than it wouldn't matter what IP address she pulls, she's still able to pass through the content filter, but any other employee who brings in their laptop would still be subject to the content filter.

    So I have two questions... Can I add one line to the pass list like 192.168.0.10/xx (fill in the xx with what's right) and get IP addresses 11 through 49 unblocked? And, anyway of writing a few lines of code to get IP addresses unblocked in web content filter?

    Thank you for your thoughts, and please note, asking the doctor to manually switch IP address violates the “user transparency” directive.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    The easiest solution would be to set a static map in DHCP server (inside router) to give him the same IP everytime.

    And thanks for all the additional information! This really helps us understand better why people are using the software and how we can make it better.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Nicolus,

    Don't know if you're still monitoring this thread or not. I was checking through recent threads and came upon this one. dmorris answered the first part of your question. The second part is that by providing the doctor a static IP based on his MAC address (while he is in the office), you can create a custom policy for him. Everyone else in the office could have constraints imposed on their internet habits by being part of a standard configuration, but the doctor would use the custom policy that would give him more flexibility. Custom policies require the Professional Package, which does have a price tag associated with it.

  4. #4
    Untangler
    Join Date
    Oct 2007
    Posts
    72

    Default DMH & DMorris

    I absolutly continue to monitor all my threads, because I am always interested in any new opinions and advice... And I thank you both for yours.

    What an interesting idea DMorris had about assigning the same IP address each time at the Host level.

    And MDH, I do have the pro package, but don't really understand custom policies too well... I will read up on it more through the Untangle manual. Could you explain what you mean by this sentence specifically>>> "by providing the doctor a static IP based on his MAC address (while he is in the office), you can create a custom policy for him."

    Thank you both again.

  5. #5
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    1,946

    Default

    The professional package, through the use of custom policies, will allow you to in essence have multiple firewall, web content filter, protocol control rules etc. What mdh was suggesting was that on your DHCP server, set a Static DHCP address for the Doc's PC from his MAC address. This can be easily accomplished in Untangle's DHCP options. Then create a new custom policy for that IP address.

    Does that help or did I confuse you more?

  6. #6
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Silver Bullet ... Thanks!

    Nicolus ... Silver Bullet gave you the nutshell version there. In the Untangle interface, everything below the SERVICES bar exists for Untangle as a whole. Everything above that can be configured for different policies. Check our wiki for more detail than you would probably ever want:

    http://wiki.untangle.com/index.php/U...tting_Policies

    You can do setups there as you need, or for schools where teachers can go anywhere and students are locked out of MySpace, home where the kids' computer can't go out after 9pm ... anything that is based on different rules for different users/user classes. Sorry to confuse you the first time. You'll have a much clearer idea of the topic after checking out the wiki link above.

  7. #7
    Untangler
    Join Date
    Oct 2007
    Posts
    72

    Talking WOW - I feel the LOVE!

    I understood what both of you said, very clearly.

    I didn't realize that you CAN assign an IP address to a MAC address within Untangle. I was tooo tunnel-visioned on the web filter to realize this wonderful work around.

    I'll start on it next week whenthings lighten up and report back.

    Thank you again for all the support!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2