Results 1 to 3 of 3
  1. #1
    Master Untangler
    Join Date
    Nov 2009
    Posts
    151

    Question Exported hosts and networks by client

    Hello.

    Just to check. Is it possible to configure different exported hosts and networks according to client? (ie. one user will export the whole X network, and another one will export only Y and Z hosts)

    Cheers

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    nope, but you can use the firewall to effectively limit access to certain people.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Nov 2009
    Posts
    151

    Cool

    Yup, works like a charm, but you'll have to use Packet Filter to limit ICMP, as the firewall will only work on TCP and UDP level (at least from my testing).

    I have setup today a VPN for a application consultant that is intended only to access a given instance of a database that is bound to a dedicated IP. In onder for him to only be able to access the database port, and nothing else (nothing else indeed) I have made the following setup:

    * Created a new address pool dedicated to external consultants (luckly we only have this one ), limited to 6 hosts
    * Created the openvpn client for him
    * Configured the firewall to limit access from his client ip to the database ip on tcp/1433 (and logging)
    * Configured another firewall rule after this one as a implicit block rule for the whole address pool for logging purposes (this is not necessary, but I like to log what they are trying to do )
    * Configured packet filter to drop all ICMP traffic coming from the address pool (if you like/need some client in this pool to be able to ping a host or network you can configure a new packet filter rule before this one allowing it)

    It works like a charm

    Would also like to have the clients authenticating in the local directory dough... but this has already been much suggested.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2