DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

DT 2920 firewall setup rule dont work

17 Jun 2013 13:47 #76651 by supaman
DT 2920 firewall setup rule dont work was created by supaman
device: draytek 2920 with latest FW 3.63


hello,

i have the following task:

3 PCs from LAN should have blocked all internet access, except one website.


i have done the following:


Object Define
object setting-> IP objects: created 3 objects / address type MAC / entered MAC addresses from PC LAN cards
object setting-> IP groups: put all 3 into one group [production]


firewall-> filter setup

existing rule #1 (default call filter) and existing rule #2 (default data call filter) - not touched


firewall-> filter setup -> created new rule #3 - filterrule #1
direction: LAN/RT/VPN->WAN
source IP = Groups and Objects = [IP Group= production]
Application/Filter: block immediately

firewall-> filter setup -> created new rule #3 - filterrule #2
direction: LAN/RT/VPN->WAN
source IP = any
destination IP = IP_from_webseite
Application/Filter: pass immediately


doesn't work yet... what's wrong?

regards,

supa

17 Jun 2013 15:56 #76656 by sicon
Replied by sicon on topic Re: DT 2920 firewall setup rule dont work
From within Default Data filter, have you told it the next data set to follow on to?

It's at the bottom, called "NEXT FILTER SET"; you would need to select #3

Hope this helps

17 Jun 2013 15:57 #76657 by sicon
Replied by sicon on topic Re: DT 2920 firewall setup rule dont work
Oh and the block rule needs to be "Block Unless further match"

18 Jun 2013 11:08 #76667 by supaman
Replied by supaman on topic Re: DT 2920 firewall setup rule dont work
those options are well hidden... :shock:

thx a lot so far... I will try and give feedback.

24 Jun 2013 13:07 #76790 by simonbb
Replied by simonbb on topic Re: DT 2920 firewall setup rule dont work
Doing something very similar, I found I had to create an additional filter rule:

On one of your "restricted" PCs, do an IPCONFIG /ALL
and record the DNS address the machine is using.

firewall-> filter setup -> created new rule #3 - filterrule #3
direction: LAN/RT/VPN->WAN
source IP = any
destination IP = DNS_IP_from_above_IPCONFIG
Application/Filter: pass immediately
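
An added example, not part of any poster's reply and not DrayTek code: a simplified Python model of top-to-bottom rule evaluation, showing why the rule set as first posted blocks the allowed site and why the set described in the replies (deferred block, then pass rules for the website and the DNS server) behaves as intended. Assumptions: the evaluation model itself, the MAC and IP values (constructed documentation addresses), and the action names; linking the set via "Next Filter Set" is not modelled.

```python
# Simplified model of top-to-bottom filter rule evaluation (an assumption for
# illustration; not DrayTek firmware code). All addresses are constructed.
PRODUCTION = {"00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"}
OFFICE_PC = "00:00:5e:00:53:99"      # a LAN host outside the group
WEBSITE_IP = "203.0.113.80"          # stands in for IP_from_webseite
DNS_IP = "198.51.100.53"             # stands in for the DNS server address
OTHER_IP = "203.0.113.99"            # any other internet host


def rule(action, src=None, dst=None):
    """src/dst are sets of allowed values; None means 'any'."""
    return {"action": action, "src": src, "dst": dst}


def evaluate(rules, src, dst, default="pass"):
    """Return 'pass' or 'block' for one LAN->WAN packet."""
    verdict = default
    for r in rules:
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        verdict = r["action"].split("_")[0]
        if r["action"].endswith("_immediately"):
            return verdict           # stop here, later rules never run
        # "*_if_no_further_match": remember verdict, keep checking
    return verdict


# Rule set as first posted: the block rule ends evaluation for the group.
ORIGINAL = [
    rule("block_immediately", src=PRODUCTION),
    rule("pass_immediately", dst={WEBSITE_IP}),
]

# Rule set after the replies: deferred block, then the two exceptions.
FIXED = [
    rule("block_if_no_further_match", src=PRODUCTION),
    rule("pass_immediately", dst={WEBSITE_IP}),
    rule("pass_immediately", dst={DNS_IP}),
]

if __name__ == "__main__":
    pc = "00:00:5e:00:53:01"
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for dst in (WEBSITE_IP, DNS_IP, OTHER_IP):
            print(name, dst, evaluate(rules, pc, dst))
    print("office PC", OTHER_IP, evaluate(FIXED, OFFICE_PC, OTHER_IP))
```
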
