As internet pc block that are not assigned

Hello people; I have a problem I can not solve it, the pc that do not add to the server (I use hots and host groups), has full unrestricted output; as I do to deny internet to PCs that are not assigned to the server ?. From already thank you very much

in Spanish
hola gente; tengo un problema no puedo resolverlo, las pc que no las agrego al servidor (yo uso hots y grupos de host), tiene salida total sin restricciones; como hago para denegar internet a las pc que no esten asignadas en el servidor?. desde ya muchas gracias

1 Like


It’s not very clear… The pc can’t take an Ip adress from the DHCP or it’s something else?

Try to give us more details

thanks. The network has a dhcp service that gives the other server, and use it as firewall nethserver, proxy…etc, the pc’s ip from objects added by the firewall, when I add automatically has full internet without aim the proxy port. How can you do to deny all access to the internet pc that will not assign port 3128 yet?
[Sorry for my English]

If I understand correctly:

  • There is a DHCP server giving address to NethServer.
  • NethServer is acting as Firewall, Proxy, etc.
  • Most workstations are added as Firewall objects under the host tab, and grouped as host groups;
  • but some workstations aren’t

How to deny Internet access to the latter?

What I don’t fully understand is about the proxy, maybe:

  • workstations that are not added to the firewall have full Internet access. How to deny Internet access to those workstations that have not been yet redirected to the proxy port?

@Jorge_Karim_Ledesma, if you don’t mind, try to explain a bit more about your setup, and correct me where I am wrong.

Does NethServer sits between the DHCP server (maybe a router) and the workstations?, like shown in the Gateway Mode as seen on the Network Planning wiki page.

How are you friend?

You want to deny access to the internet to a host or host group created in nethserver?

If you have a DHCP server outside services nethserver and have a range of reserved IP for your local or enterprise network, all IP that are not reserved the can create a subnet range CIDR and say in security policies refuse exit to the internet.

I think it’s what you need.

Como estas amigo?

Quieres denegar el acceso al internet a un host o grupo de host creados en nethserver?

Si tienes un servidor dhcp fuera de los servicios de nethserver y tienes un rango de ip reservada para tu red local o empresarial, todas las ip que no estan reservadas las puedes crear en un rango de subred CIDR y le dices en las politicas de seguridad denegar la salida a la internet.

Creo que es lo que necesitas.

Regards / Saludos.