Does anyone know how to block all internet access except TeamViewer?
We have some modems in trucks for the computers in them. We only want specific server access and no public internet. How can we limit this?
I can specify the servers I need access to, such as a VPN server and a website, but TeamViewer is hard to specify it seems plus I need to block all other traffic.
Firewall rules can be made to match a domain name as the destination or source.
You could try making a few rules to match and permit the required ports and destinations as described on the TeamViewer page here:
Once that traffic is being allowed at the bottom of the rule list you could either set the default outbound action to “deny” or add a custom rule that would do the same with logging enabled to see what might be hitting it / trying to talk to the internet.
As for defining your sources you could also look at grouped networks to help make this a bit easier to manage, and either assign static IPs or DHCP reservations to the things that need to access TeamViewer.
What is the intended result here, are you trying to stop people (the drivers?) connecting random devices to your Peplinks and burning all the mobile data watching videos?
There might also be some other simple ways to do this depending on what other infrastructure you have available (If this were me I’d almost be tempted to tunnel all the traffic out via SpeedFusion back to a central location and then funnel it through a more advanced firewall and possibly a web proxy too).
Another quick way might be to put a captive portal on the LAN interface on the Peplink as that would block internet access for anything not authenticated.
You could then add some exceptions to the portal to automatically permit traffic from your known and valid devices and present whoever randomly connects with a nice login page telling them they should probably disconnect.
Used in combination with some firewall rules to lock down what services the permitted devices can access this might also be quite a simple way of getting what you want.
If you need some guidance on the configuration you will probably need to share a few more details like what subnets you have on the LAN side of the Peplinks, what would be valid source IPs that should have access and so on.
Thanks for the info.
Yes the intention is to stop people/drivers from using the computer in the truck (connected to the peplink modem) to browse other websites, watching netflix, going somewhere malicious. We only want it to connect to our specific servers and allow TeamViewer access for monitoring and remote control.
The modem itself is buried and not accessible, so I doubt people will be able to connect physically to it.
Our Setup:
Peplink Network in Truck: 192.168.50.0/24
Azure OpenVPNServer Network: 172.27.240.0/24
Azure Private Network: 10.0.0.0/24
On the vehicle computer, a vpn app connects to a vpn server in Azure and then an application on the computer communicates with another Azure Server which is also on the Open VPN network.
Let me know if you need more information.