Creating rules to allow access based on remote IP/range

Discussion in 'other firewalls' started by veri, Nov 13, 2006.

Thread Status:
Not open for further replies.
  1. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Couple questions.

    • Is is possible to determine the IP range of a company/college/organization, and if so, how? I ask because apparently Kerio does not allow domain names as access masks.
    • Is there a firewall that DOES allow name usage in rules like that?

    I use remote desktop a lot on a non-default port and would like to tighten Kerio's rule allowing this to specify not only the local port (say, 1234) but also the remote site's allowed address range. I've used controlled access systems that allowed matching by hostnames - so something like *.abc.edu - but am unaware as to whether any software FWs allow for this.

    Seeing as how I'm behind a router, I would imagine that should do the trick, but for the sake of learning, I'm also up for learning of any alternative ways a rule could be better crafted beyond "okay, let all traffic from/to 1234 pass."

    Thanks.
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Outpost Pro supports domain names as well as Comodo (I guess, that Jetico & Core Force too).

    I tried using domain names in CPF, but I got too small and too wide IP ranges in comparision to real IP ranges (google.com vs manual), so I set up IP ranges instead of domain name (do not know, if it is CPF's fault or their online database is outdated). So far it works fine just for me.
     
  3. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Interesting, thanks for the screenshots.

    Which leaves me trying to figure out a way to get all the valid IP ranges for a given institution... any thoughts?
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I use DNS Stuff to get ranges. I just hope, that they are not going to change it too often.

    Eg Yahoo connects to the IP: 216.155.193.176, I will use IPWHOIS Lookup and I will get IP range: 216.155.192.0 - 216.155.207.255. Of course, it can have more IP ranges, like Google.
     
  5. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Forgot all about that site, thanks for the help :)
     
Loading...
Thread Status:
Not open for further replies.