Walled Garden

I have a client that would like to block internet access to certain machines in their organization.

Can I set up a walled garden that would allow these machines to only access certain websites? Primarily ones that tell them that they are blocked and who to contact for access to the web.

These computers are network computers not hotspot. The internal Network is Masqueraded to the internet.

Mike

Well, mark the IP addresses of the users and put in the addresses of the websites you want to allow them to view; redirect all others to one of the admin PCs in the network where you’re going to run a web server (example 192.168.1.10) with an index.html (where you’re going to put the contact info).

Example:

ip firewall dst-nat>
src-address=192.168.1.100/32 (user) action=accept dst-address=66.102.9.104 (google)
src-address=192.168.1.100/32 (user) action=accept dst-address=68.142.226.37 (yahoo)
src-address=192.168.1.100/32 (user) action=nat to-dst-address=192.168.1.10 (webserver) to-dst-port=80

I gave example of only allowing google and yahoo, but you can build your own rules.
Remember that if rules are not matched, it will jump to the rule
src-address=192.168.1.100/32 (user) action=nat to-dst-address=192.168.1.10 (webserver) to-dst-port=80
so always put accept rules in front of the nat rule and the info page will be opened.

Try and tell us what happened…

Cheers…
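
The rule-order point made in the reply above, as an added example (not part of the original post and not RouterOS code): a small Python model of first-match rule evaluation using the addresses from the post, plus a check that flags accept rules made unreachable by an earlier catch-all. The function names, the dict layout and the test address 203.0.113.7 are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def rule(src, dst, action, to=None):
    """Build one rule; dst=None means 'any destination'."""
    return {"src": ip_network(src), "dst": ip_network(dst) if dst else ANY,
            "action": action, "to": to}

def evaluate(rules, src, dst, port):
    """Return the (address, port) a connection ends up at: first match wins."""
    for r in rules:
        if ip_address(src) in r["src"] and ip_address(dst) in r["dst"]:
            return r["to"] if r["action"] == "nat" else (dst, port)
    return (dst, port)  # no rule matched: connection is left untouched

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (later["src"].subnet_of(earlier["src"])
                    and later["dst"].subnet_of(earlier["dst"])):
                dead.append(i)
                break
    return dead

# Addresses taken from the post; the rule lists themselves are constructed.
USER, WEBSERVER = "192.168.1.100", ("192.168.1.10", 80)
GOOGLE, YAHOO = "66.102.9.104", "68.142.226.37"

# Order from the post: accept rules first, catch-all nat last.
GOOD = [rule(USER, GOOGLE, "accept"), rule(USER, YAHOO, "accept"),
        rule(USER, None, "nat", WEBSERVER)]
# Same rules with the catch-all moved to the top (the mistake to avoid).
BAD = [GOOD[2], GOOD[0], GOOD[1]]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, "google ->", evaluate(rules, USER, GOOGLE, 80),
              "| other ->", evaluate(rules, USER, "203.0.113.7", 80),
              "| shadowed rules:", shadowed(rules))
```

Running `shadowed()` over a rule list before applying it catches the case where a redirect placed too early silently disables every allow entry below it.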

I’d run with some form of Proxy server. This gives rather more flexibility and is easier to administer. You can block access to sites by machine or user / group of users.

Regards

Andrew

I agree, it can be done by proxy…
Either way, it is a very annoying job to administer which sites they can see and which they can…