  1. #1
    Untanglit
    Join Date
    Jun 2018
    Posts
    29

    Need to block most of local network.

    I'm trying to set up access for a specialist to connect to our internal network. I only want him to access two E2 controllers at their specific IP & ports. (https://www.froztec.com/en/product?modl=e2-controller)
    Since I don't have these E2 devices on a port forwards, as I don't trust the security on the device, I'm setting up a VPN for the specialist but don't want him to have access to the rest of the network.

    I have his VPN tagged, then in the filter rules, I'm trying to create a rule:
    Client is tagged: xxxx
    Destination address is NOT: 192.168.55.37, 192.168.55.38

    1. It won't let me do multiple IPs on the destination address. I could just do: Destination port is NOT: 1025 as nothing else on the network uses this port #.
    2. Will this be sufficient enough to keep this guy off the rest of the network?
    He's not network savvy, just want a little more protection from him snooping around.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,789


    The OpenVPN client name matches as username in the firewall app.

    So all you need to do is make two firewall rules. One simply says block, username: openvpnclientname

    The other above the first says, pass, Username: openvpnclientname destination address: list,ips,of,things,he,can,have.

    You'll note the lack of spaces... that matters.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
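
A small model of the rule sets discussed in this thread, added here as an example (it is not Untangle's code and not part of either post). It assumes first-match evaluation and that traffic matching no rule is passed; 192.168.55.10 is a constructed address standing for any other LAN host.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

USER = "openvpnclientname"  # placeholder name used in the reply above

@dataclass(frozen=True)
class Rule:
    action: str                            # "pass" or "block"
    username: str
    dst_addrs: Optional[frozenset] = None  # None matches any destination
    not_dst_port: Optional[int] = None     # matches when port differs

def parse_addr_list(text):
    # Split on commas only; ipaddress raises ValueError on "a, b" (space).
    return frozenset(ipaddress.ip_address(p) for p in text.split(","))

def evaluate(rules, username, dst_ip, dst_port, default="pass"):
    """Return the action of the first matching rule, else the default."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.username != username:
            continue
        if r.dst_addrs is not None and dst not in r.dst_addrs:
            continue
        if r.not_dst_port is not None and dst_port == r.not_dst_port:
            continue
        return r.action
    return default

ALLOWLIST = [  # the two rules from the reply, pass above block
    Rule("pass", USER, dst_addrs=parse_addr_list("192.168.55.37,192.168.55.38")),
    Rule("block", USER),
]
REVERSED = list(reversed(ALLOWLIST))                  # block rule placed first
PORT_ONLY = [Rule("block", USER, not_dst_port=1025)]  # the question's fallback

# Constructed flows; 192.168.55.10 stands for any other LAN host.
FLOWS = [("192.168.55.37", 1025), ("192.168.55.37", 80),
         ("192.168.55.10", 1025), ("192.168.55.10", 445)]

def compare():
    sets = {"allowlist": ALLOWLIST, "reversed": REVERSED, "port_only": PORT_ONLY}
    return {name: [evaluate(rs, USER, ip, port) for ip, port in FLOWS]
            for name, rs in sets.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:10}", verdicts)
```

In this model the port-only rule passes port 1025 on every host, while the address allow-list passes every port on the two controllers and nothing else.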

  3. #3
    Untanglit
    Join Date
    Jun 2018
    Posts
    29


    You're awesome! That works so much better.
    Thanks!
