| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: restrict users` internet access |
From: Ellen K.
Where does the authentication happen then? Does the firewall have to
know who all the users are? Do you feel up to explaining in simple
terms what a proxy server is?
Re the pcAW, it sounds similar to what you are saying about the other
question, i.e. if the firewall knows the machines by name, it doesn't have
to know their internal IP address. Is that correct? This
similarilty leads me to question whether maybe our firewall -- or the
person in charge of it -- only knows how to deal with IP addresses. It is
a Pix firewall.
On Sun, 27 Mar 2005 17:01:53 -0800, "Rich" wrote in message
:
> I agree with the proxy though not the fixed address. Use proxy
authentication so that the rules apply to users and not the computers.
>
> You shouldn't need a fixed internal IP for pcAW unless this is a pcAW
restriction. As long as you have dynamic DNS or similar internal name
resolution you should be able to use a dynamic address. Just refer to the
machine by name instead of IP.
>
>Rich
>
> "Ellen K."
wrote in message
news:frie411ubovd2ghdv5f67hdqd2rdcd22vq{at}4ax.com...
> Not my area of responsibility but I always like to help if I can:
> We want to restrict the rank-and-file users to a few allowed sites like
> FedEx and UPS. In our morning briefing the other day it was stated that
> everyone would have to have fixed IP addresses to do this (that part I
> understand, since the restrictions are not to apply to everyone) and we
> would have to have a proxy server.
>
> I actually don't know what a proxy server even is, but the IT director
> said it's complicated. So first of all, is it true that we would need
> a proxy server? And secondly, if so, is it complicated?
>
> Alternatively, is there any other way to do it? We want to leave people
> like directors and IT with full internet access. Most boxes have no
> external IP address and a dynamic internal one. The only ones with
> fixed internal ones are people who pcAW in to their desktop, which for
> all I know might only be me because when they set up an additional
> desktop for me recently they left the internal address dynamic and I
> couldn't get to it.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.