[pptp-server] Limit access to certain machines
Jamin Collins
JaminC at adapt-tele.com
Tue Aug 7 09:17:27 CDT 2001
Please refrain from posting to mailing lists using HTML.
Rich Paredes [mailto:rich at riafinancial.com] wrote:
> My concern is that even though I could assign VPN clients a certain
> range of ip addresses and add rules to our firewall to only allow
> these range of ip's to access certain services on certain machines,
> our VPN clients can still assign themselves a static IP address in
> the VPN client setup. If they assign themselves a static ip outside
> of the range we blocked, they then have access to the ENTIRE NETWORK.
> Does anyone have any solution to this? I'm not looking to separate
> them on their own network... Thanks.
With the proper firewall rules, you can control the traffic not only by
source/destination IP, but also by interface. The rules can be designed so
that even though the IP may be valid for access to the entire network, the
interface that the connection was received on is not.
Jamin W. Collins
More information about the pptp-server
mailing list