Hello Glenn,
[cut]
> > Good luck, but still I confess that I *may be* switching to
> this your
> > suggestion too! ;-)
>
> Use default deny and break up the logic into chains (within
> reason). Makes things a lot easier to maintain. Did for me, anyway.
glad to share some thoughts... We will
On May 5, 2010, at 9:54 AM, Boniforti Flavio wrote:
>> Don't know if this is going to work, but if it does, rules
>> similar to these may solve your problem. With no proxy whinage.
>
> This *is* going to work
Thanks for that. Now I know that if it doesn't, it's my implementation, not the
desi
> Remove the default gateway so nobody can get to the internet
> unless they go through the proxy. I've had my network set
> that for 9 years and nobody has ever noticed.
Well... This could be a solution I may consider...
In fact, the remote office uses VPN to connect to the HQ and to surf the
Hy Glenn
[cut]
> Aside from a few ports (SMTP, POP3, IMAP, DNS, etc. on the
> DMZ), the LAN won't be able to go anywhere. Except for me, of
> course; I can go anywhere...
>
>
> Don't know if this is going to work, but if it does, rules
> similar to these may solve your problem. With no proxy
On May 5, 2010, at 9:21 AM, Boniforti Flavio wrote:
> Now some clever users have discovered that they can use foreing external
> proxies to avoid filtering.
>
> What I was thinking to do, is to enable on my firewall LAN-->WAN *only*
> my proxy's IP address, but the question is: how would I have
Remove the default gateway so nobody can get to the internet unless they go
through the proxy. I've had my network set that for 9 years and nobody has ever
noticed.
Jason
..·><º>
> -Original Message-
> From: Boniforti Flavio [mailto:fla...@piramide.ch]
> Sent: Wednesday, May