42.4. Example 4: Restricted Access from the VPN

A user connects from a VPN client to the Intra2net system for remote maintenance of a server. Over this connection, the user should only be able to reach one specific service on that server.

  • The target client for remote maintenance has the name "testserver" and the IP 192.168.1nn.100.

  • Create a new firewall ruleset that only allows access to this server using the HTTP service.

  • For name resolution, access to the DNS service of the Intra2net system is also required. All other accesses should be rejected (Reject).

  • Activate this firewall configuration for an existing VPN dial-up connection.

  • Establish the VPN connection and use a web browser to test whether the server can be accessed via HTTP. A test page should be displayed.

  • Open the program "Zenmap GUI", the graphical front end of the port scanner Nmap. To test the firewall ruleset, perform an "Intense Scan" on the target server. Only the HTTP service may be reachable.

  • Perform an "Intense Scan" on the IP of the Intra2net system in the VPN network, i.e. 192.168.1nn.254. Only the DNS service may be accessible.
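Added example (not part of the Intra2net manual): a small Python check that reads an Nmap grepable report (`-oG`) from the two scans above and lists every open port that the ruleset should not permit, plus any expected service that did not answer. The host addresses are constructed with nn = 01, and the scan text is a constructed sample containing one deliberate violation on the Intra2net host so that the failure case is visible.

```python
from typing import Dict, List, Set

# Expected result of the exercise: only HTTP on the test server, only DNS on
# the Intra2net system. Addresses are constructed with nn = 01 in place of the
# "1nn" placeholder used in the exercise text.
TESTSERVER = "192.168.101.100"
INTRA2NET = "192.168.101.254"
POLICY: Dict[str, Set[str]] = {
    TESTSERVER: {"80/tcp"},
    INTRA2NET: {"53/tcp", "53/udp"},
}

# Constructed sample of Nmap grepable output (nmap -T4 -A -v -oG -), not a
# real scan. Port 80 on the Intra2net host is a deliberate policy violation.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -T4 -A -v -oG - 192.168.101.100 192.168.101.254
Host: 192.168.101.100 (testserver)\tStatus: Up
Host: 192.168.101.100 (testserver)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http//nginx/, 443/filtered/tcp//https///
Host: 192.168.101.254 ()\tStatus: Up
Host: 192.168.101.254 ()\tPorts: 53/open/tcp//domain///, 53/open/udp//domain///, 80/open/tcp//http///
# Nmap done
"""

def parse_open_ports(grepable: str) -> Dict[str, Set[str]]:
    """Return {host: {"port/proto", ...}} for every port Nmap reports as open."""
    found: Dict[str, Set[str]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Each entry looks like: port/state/proto/owner/service/rpc/version/
        for entry in line.split("Ports:", 1)[1].split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3:
                continue
            port, state, proto = fields[:3]
            if state == "open":
                found.setdefault(host, set()).add(f"{port}/{proto}")
    return found

def check_policy(grepable: str, policy: Dict[str, Set[str]]) -> List[str]:
    """List every deviation from the expected ruleset; empty means the scan matches."""
    seen = parse_open_ports(grepable)
    problems: List[str] = []
    for host, allowed in policy.items():
        actual = seen.get(host, set())
        for p in sorted(actual - allowed):
            problems.append(f"{host}: {p} reachable but not permitted by the ruleset")
        for p in sorted(allowed - actual):
            problems.append(f"{host}: {p} expected but not reachable")
    for host in sorted(seen.keys() - policy.keys()):
        problems.append(f"{host}: unexpected host answered the scan")
    return problems

if __name__ == "__main__":
    for line in check_policy(SAMPLE_SCAN, POLICY) or ["ruleset verified: only HTTP and DNS reachable"]:
        print(line)
```

Ports the firewall rejects show up as "closed" or "filtered" rather than "open", so the check deliberately ignores them and only reports what is actually reachable.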