Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Visiting internet Without Restriction ??
  •  
sgpeter

Messages: 7

Karma: 0
Send a private message to this user
Hello ! Very Happy Very Happy
Our Firewall & DHCP server set up on IP: 192.168.25.1 and it outgoing through gateway 192.16825.254, but recently we found the internal computer (IP fm:192.168.25.3 to 192.168.25.253 ) could bypass visit internet without authorization while they set a route in their operation system . Any suggestion to settle down this problem ?

Thanks.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
It seems to me your outgoing gateway is on the same IP segment as KWF. So anyone is able to bypass it by just manually putting the gateway instead of letting it be KWF. Your Internet connection should be 'behind' KWF, not 'next' to it on the LAN.
  •  
sgpeter

Messages: 7

Karma: 0
Send a private message to this user
Thank you for your kind information .

So , I configured our Router to reject client pc to manual input IP address . But they still could set up a route in their operation system to bypass KWF.

as far as i am concerned ,I still would like to know whether KWF could inspect the contant of the outgoing request from the authorizd PC .

Confused
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
sgpeter wrote on Wed, 10 May 2006 11:30

So , I configured our Router to reject client pc to manual input IP address .


How can your router know if an IP address was manually configured or DHCP-ed? AFAIK the router can't know...
  •  
sgpeter

Messages: 7

Karma: 0
Send a private message to this user
we could bond MAC address to definte the client how to get a relevant ip address .
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
So in KWF's DHCP server you have reserved an IP address for every PC (so you know a PC always gets served the same IP address) and in your router you check if a MAC address has the appropriate IP address?
  •  
sgpeter

Messages: 7

Karma: 0
Send a private message to this user
Yes, we could use your mentioned way to realize that function .
Previous Topic: 6.2.1 Statistics Time Wrong?
Next Topic: Port Forwarding
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 07:45:08 CET 2017

Total time taken to generate the page: 0.00486 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.