Enable E-mail, Block Web Surfing

[rayway]

On our network we use an outside ISP for hosting our web site and our e-mail. We do not have an internal mail server. I would like to enable certain clients to have e-mail access but not Internet access. Can this be done using TCP/IP filtering? If so, what ports must I let in and what ports must I keep out?

Or should I use the IP Protocols instead of TCP Ports? If so, what protocols should I let in and what protocols should I keep out?

 

[exklusve]

well to answer your question. in theory if you blocked all outgoing requests to port 80 on the web to be dropped at your firewall.
I've never done that so I dont know if it will work.

Try using TACACS PLUS. I use it where i work now, and we can allow or deny users from accessing the internet. It runs off a linux box, and when they try to access the internet it asks for authentication. If their account allows internet access then it will allow them.
But it only does so on port 80 requests. if they want to visit paypal on a secure connection, then it will let it go through because its not using port 80.

hope that helps.


eXklusve

 

[BWilson77080]

blocking port 80 will work....in fact you can block all ports accept for POP3 ports if you wanted, this would do it....but blocking port 80 will be the easiest way, also block 21 and 23 while your at it, that will keep them out of telnet sessions and FTP sites

 

[rayway]

How do you block port 80? In the TCP/IP Filtering box I can permit certain ports but I don't know how to block certain ports.