Hi Chuck,

I have solved a similar situation by adding a Sonicwall SSL-VPN 200 behind the main firewall. For normal web access it acts like a reverse proxy over https with user authentication and password, but no need to install extra software on the clients.

bye
Christoph

On 09.02.2011 05:50 Chuck Mariotti wrote:
> I’m not sure how best to describe this situation without it getting wordy.
>
> We have a number of servers behind a pfSense firewall at a datacenter.
> One of the servers is a web site that needs to be accessible only by
> computers on our client’s network (also behind pfSense elsewhere)… This
> solution has been implemented and working based on IP address restrictions.
>
> Now the client wants to allow a few people access to the web site while
> at home. Unfortunately, password protecting it is not an option. VPN
> access seems to be the only option but I’m wondering what the best
> approach would be.
>
> We do not want to allow VPN access into the datacenter network and
> administratively this would be a hassle. Instead, we would like to force
> these home users onto the client network, using the client’s gateway …
> resulting in an allowable IP address to the restricted web site. This is
> simple to implement, but creates a lot of additional traffic if we
> leave them using the default gateway.
>
> Unfortunately, the client network is using a wireless connection that
> pays by the gigabyte. This will be an issue when a home user forgets to
> stop downloading music, movies, etc… We also would prefer not to
> install a new VPN client (like OpenVPN, even though it looks like the
> best solution).
>
> I was thinking a simple PPTP connection (not sure if this would work
> really), turning off the default gateway on the client end… Then, using
> pfSense on the client network, make a rule that would map an internal IP
> address (10.10.10.100) to the web site’s public IP address… Then, make a
> public DNS entry mapped to the internal IP address and instruct the
> users to use this new DNS entry when remotely accessing this restricted
> site. Would this work?
>
> I guess my other question is, what is the best way to get this to work?
>
> Regards,
> Chuck
