Re: Blocking Intranet

Vidiot (brown@ftms.com)
Thu, 15 May 1997 15:21:56 -0500 (CDT)

<
<I'm trying to block Intranet web access for anyone outside of our network. Is:
<
<deny 0.0.0.0/0 intranet.tradeex.com/24 tcp dst eq 80
<permit 206.30.200.0/24 intranet.tradeex.com/24 tcp dst eq 80
<
<Correct? We have a Class C network 206.30.200.XXX (/24 means Class C, doesn't it?? What is /32 for?)

You don't say if you have a web site that is meant for access by the outside.
If so, it is probably using the default port 80. Our web server, my working
computer, also services two other web page sites: my internal set of test pages
for my personal stuff that is placed elsewhere, and our intranet. These use
ports 8000 and 9000, respectively. I keep access away from these by denying
access to those port numbers in the IRX-111 router that we have.

So, my suggestion is to have the external web site on port 80 and the intranet
web site on port 8000 and block it that way. Yes, this means you will have
two httpd configurations. So what. If you keep everything in the same area,
that isn't a problem. I use three separate config directories called:

/usr/http/htconf
/usr/http/htconf8000
/usr/http/htconf9000

Very easy to maintain and block in the router.

MB

-- 
System Administrator - Finnigan FT/MS - Madison WI. <URL:http://www.ftms.com/>
e-mail: brown@ftms.com
phone: (608) 273-8262 ext: 612  fax: (608) 273-8719
Visit - <URL:http://www.cdsnet.net/vidiot/>  (Your link to Star Trek and UPN)
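As an added illustration (not part of the original thread or anyone's router configuration), the following Python evaluates access-list rules in the syntax quoted in the question and compares the rule order as posted, the reversed order, a /32 host-specific version, and the port-based split the reply suggests. It assumes first-match semantics with an implicit final deny, and uses 206.30.200.5 as a placeholder for the intranet host and 198.51.100.7 as a placeholder outside client.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int                   # TCP destination port

def parse_rule(line: str) -> Rule:
    """Parse 'permit|deny SRC/len DST/len tcp dst eq PORT' (the format in the question)."""
    action, src, dst, proto, key, op, port = line.split()
    if proto != "tcp" or (key, op) != ("dst", "eq"):
        raise ValueError(f"unsupported rule: {line}")
    return Rule(action, ipaddress.ip_network(src, strict=False),
                ipaddress.ip_network(dst, strict=False), int(port))

def evaluate(rules, src_ip: str, dst_ip: str, dport: int) -> str:
    """First-match evaluation (assumed router semantics); no match means deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r.src and dst in r.dst and dport == r.dport:
            return r.action
    return "deny"

# Constructed data: 206.30.200.0/24 is the poster's network; 206.30.200.5 is a
# placeholder for the intranet host, 198.51.100.7 a placeholder outside client.
INTRANET = "206.30.200.5"
AS_POSTED = [parse_rule("deny 0.0.0.0/0 206.30.200.0/24 tcp dst eq 80"),
             parse_rule("permit 206.30.200.0/24 206.30.200.0/24 tcp dst eq 80")]
REORDERED = AS_POSTED[::-1]  # local /24 permitted before the catch-all deny
# /32 names exactly one host; /24 covers the whole 256-address block.
HOST_ONLY = [parse_rule(f"permit 206.30.200.0/24 {INTRANET}/32 tcp dst eq 80"),
             parse_rule(f"deny 0.0.0.0/0 {INTRANET}/32 tcp dst eq 80")]
# Port split from the reply: 80 open to all, intranet on 8000 closed to outsiders.
BY_PORT = [parse_rule("permit 206.30.200.0/24 206.30.200.0/24 tcp dst eq 8000"),
           parse_rule("deny 0.0.0.0/0 206.30.200.0/24 tcp dst eq 8000"),
           parse_rule("permit 0.0.0.0/0 206.30.200.0/24 tcp dst eq 80")]
def verdicts(rules, dport=80):
    """(inside client, outside client) verdicts for reaching INTRANET on dport."""
    return (evaluate(rules, "206.30.200.10", INTRANET, dport),
            evaluate(rules, "198.51.100.7", INTRANET, dport))

if __name__ == "__main__":
    print("as posted     :", verdicts(AS_POSTED))      # ('deny', 'deny')
    print("reordered     :", verdicts(REORDERED))      # ('permit', 'deny')
    print("host-only /32 :", verdicts(HOST_ONLY))      # ('permit', 'deny')
    print("by port, 80   :", verdicts(BY_PORT))        # ('permit', 'permit')
    print("by port, 8000 :", verdicts(BY_PORT, 8000))  # ('permit', 'deny')
```

Under first-match semantics the catch-all deny placed first shadows the later permit, so the inside clients are blocked as well; a border router will usually not see inside-to-inside traffic at all, so the inside verdict only matters for paths that actually traverse it.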