block pptp user from internet access

Hi,

I have an RB1000 with the PPTP server enabled for remote users and SQL replicators. How can I block access to the internet for some or all PPTP users?

The SQL server on the local network doesn't have the RB1000 as its default gateway; will that be fine?

thanks,
Samer.

If your PPTP users are on a different IP range from the LAN users, then just change your masquerade rule to specify the src-address to be that of the LAN IP range. Then the PPTP users won't have internet access at all.

Make sense?

This is good if they are on another subnet, but they are on the same subnet.

Thanks and Regards,
Samer.

OK, well then, what about src-address-lists?

Set your PPTP pool to a contiguous range, say near the high end, and then create a firewall address list called pptp which will have this address range specified (i.e. 192.168.0.200-192.168.0.254).

Then in the masquerade rule, use the src-address-list but put a ! before it, indicating any IP besides the PPTP addresses.

Will this help?
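Added example, not part of the original post: the pool, address list and negated masquerade rule described above, written as RouterOS commands. The interface name `ether1-wan`, the pool and profile names, and the router address 192.168.0.1 are assumptions; step 4 goes slightly beyond the post by also dropping the traffic in the forward chain, since removing NAT alone still lets un-translated packets leave the WAN port.

```routeros
# Constructed example for a 192.168.0.0/24 LAN. "ether1-wan", "pptp-pool",
# "pptp-users" and local-address 192.168.0.1 are hypothetical; adjust to your router.

# 1. Hand PPTP clients addresses from a contiguous block at the high end of the subnet.
/ip pool add name=pptp-pool ranges=192.168.0.200-192.168.0.254
/ppp profile add name=pptp-users local-address=192.168.0.1 remote-address=pptp-pool
/interface pptp-server server set default-profile=pptp-users

# 2. Put the same block into a firewall address list called "pptp".
/ip firewall address-list add list=pptp address=192.168.0.200-192.168.0.254 \
    comment="PPTP client pool"

# 3. Before: a catch-all masquerade rule that also NATs the PPTP clients.
#      /ip firewall nat add chain=srcnat out-interface=ether1-wan action=masquerade
#    After: masquerade every source EXCEPT members of the pptp list.
#    Remove or disable the catch-all rule, otherwise it still matches first.
/ip firewall nat add chain=srcnat out-interface=ether1-wan \
    src-address-list=!pptp action=masquerade

# 4. Addition beyond the post: explicitly drop PPTP-client traffic headed for the WAN.
#    Place this above any forward-chain accept rule that would match the same packets.
/ip firewall filter add chain=forward src-address-list=pptp \
    out-interface=ether1-wan action=drop comment="PPTP clients: no internet"

# 5. Check: counters on the drop rule should rise when a PPTP client tries to browse,
#    and the masquerade rule should show no hits from 192.168.0.200-254.
/ip firewall filter print stats
/ip firewall nat print stats
```

To restrict only some users, give those users a fixed `remote-address` in their PPP secret and list only those addresses in `pptp`.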

Yes, it helped.

I would like to buy a book showing tutorials and usage of WinBox.
What if I disable NAT masquerading, will my internal network be vulnerable or accessible from outside?

Thanks,
Samer.

I would take a dig around the wiki as there are plenty of juicy articles lurking under the covers.

Like this one, for instance:

http://wiki.mikrotik.com/wiki/NAT_Tutorial