The UNIX and Linux Forums  

  #1 (permalink)  
Old 07-16-2003
Registered User
 

Join Date: Mar 2002
Location: Japan
Posts: 8
Looking Out from Behind a Firewall

Would it be possible to restrict access to internet pages in the following way?

A machine:
IP = 128.1.17.123
Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable.


B machine:
IP = 128.1.17.146
Regardless of the domain suffix (if that is what it is called) any internet page is viewable.


If the above is possible, in what ways could this be done?
  #2 (permalink)  
Old 07-16-2003
Registered User
 

Join Date: Jan 2002
Location: Florida
Posts: 84
Is system B the firewall or something else? Normally you can restrict access for one IP in or out but you would have to post what type of systems, firewall, versions...
  #3 (permalink)  
Old 07-16-2003
Registered User
 

Join Date: Mar 2002
Location: Japan
Posts: 8
Quote:
Originally posted by thehoghunter
Is system B the firewall or something else? Normally you can restrict access for one IP in or out but you would have to post what type of systems, firewall, versions...
I believe I have used some inappropriate wording.

Both system A and system B are PCs. The users of these PCs have to access the internet many times a day to obtain information about various things. Both A and B enter out into the internet through the same gateway point.

While user B has no problem retrieving internet pages, user A is almost completely unable to retrieve information from the internet. However, A has no trouble retrieving pages located on our intranet.
  #4 (permalink)  
Old 07-16-2003
Registered User
 

Join Date: Jan 2002
Location: Florida
Posts: 84
???

Your original post
Quote:
Would it be possible to restrict access to internet pages in the following way?...If the above is possible, in what ways could this be done?
(The answer to the first question would still be yes - the second can't be answered with the information given)

Now you are asking how to remove that type of restriction?

Either way, you would have to provide:

the type of firewall and version being used to either restrict/not restrict the access problem you are trying to deal with.


Sys-A < - - - > single gateway <----> Internet
Sys-B <---------^

< - - - > limited access
<------> full access
  #5 (permalink)  
Old 07-17-2003
Registered User
 

Join Date: Mar 2002
Location: Japan
Posts: 8
I am sorry if this whole thing seems confusing.

As far as posting specific details pertaining to system types and firewalls and such, I will try to give you what I can after a bit of explanation.

But first, the real problem.

In my section - the Promotion section - there is this person who has truly developed his IT knowledge and skills. By all rights, he could be the top of our IT section. Unfortunately he is so self-serving that my company will not allow him to be the top because he is downright dangerous.

So, what happens is this person wants to show the company how "incompetent" our IT people are. From time to time he creates "little" disturbances to try and up his own personal value. You see, this person used to be in the IT section, so he basically has access to anything he wants at present.

This then brings us to my question and problem.

Certain decision making personnel in my department have started to experience trouble when they try to access the internet from our intranet. Up until recently this task presented no trouble. (BTW, In my examples with A and B, A is the person having trouble)

As such I believe this "unhappy" person has been tinkering with something in such a way as to try and force my company to put him in power.

I want to try and confirm his tinkering, if it is tinkering. If it is not, I would like to try and fix the problem anyway.

I get the feeling that because some internet pages are viewable without problem on the PCs that are having trouble, our "unhappy" person has been tinkering with our firewall, proxy server and settings, or something else.

Of course, there is always the possibility that our "unhappy" person has not tinkered with anything. But then again, no definite patterns can be seen in the PCs (and PCs' environments) that experience problems and those that do not, so this problem looks/feels to be "man made".

This is my situation.

As for details, what I have is the following (from nmap):

Device type: general purpose|router|load balancer|firewall
Running (JUST GUESSING) : HP HP-UX 11.X|10.X (93%), Cabletron embedded (90%), FreeBSD 4.X|3.X (89%), NetBSD (89%), Cisco IOS 12.X (88%), F5 Labs BSDI (88%), Secure Computing embedded (88%), BSDI BSD/OS 3.X (87%)
Aggressive OS guesses: HP-UX B11.00 U 9000/839 (93%), Cabletron Smart Switch Router 8600 (90%), FreeBSD 4.4-STABLE (89%), FreeBSD 4.7-STABLE (89%), HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 (89%), HP-UX 10.20 (89%), NetBSD 1.3I through 1.6 (89%), Cisco router running IOS 12.1.5-12.2.13a (88%), Cisco IOS 12.0(3.3)S (perhaps a 7200 router) (88%), F5 Labs Big/IP HA TCP/IP Load Balancer (BSDI kernel/x86) (88%)

Additionally, I believe that all requests to the internet from inside our intranet go through a proxy, which I believe to be squid.

So, there you have it. I suppose this is all very confusing as it should be.

My basic question then, or, perhaps better put, the point that stumps me the most then is the fact that while most internet pages are "unviewable", some may be viewed with no problem. Additionally, pages on our company's internet site that cannot be viewed are viewable when downloaded to an intranet server. This really stumps me! Why is this possible if someone has not been tinkering with something?

Sorry for the long story.
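
Added example, not part of any post in this thread: if the proxy is Squid, as the last post believes, its access.log records each client's requests and whether the proxy refused them. The sketch below parses constructed sample lines in Squid's native log format (hosts, timings and sizes are made up; the two client IPs are the ones from the first post) and lists the domain suffixes refused for machine A but served to machine B.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1058338921.101     45 128.1.17.123 TCP_MISS/200 5120 GET http://www.example.go.jp/ - DIRECT/192.0.2.10 text/html
1058338925.440      2 128.1.17.123 TCP_DENIED/403 1432 GET http://www.example.com/ - NONE/- text/html
1058338930.007      1 128.1.17.123 TCP_DENIED/403 1432 GET http://news.example.org/a - NONE/- text/html
1058338931.250     60 128.1.17.123 TCP_MISS/200 2048 GET http://mail.example.ne.jp/ - DIRECT/192.0.2.11 text/html
1058338940.912     52 128.1.17.146 TCP_MISS/200 7300 GET http://www.example.com/ - DIRECT/192.0.2.20 text/html
1058338944.300     48 128.1.17.146 TCP_HIT/200 7300 GET http://news.example.org/a - NONE/- text/html
1058338950.000      3 128.1.17.123 TCP_DENIED/403 0 CONNECT secure.example.com:443 - NONE/- -
garbage line that is not a log record
"""

def host_of(url):
    """Return the lowercase host from a logged URL or a CONNECT host:port."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()

def suffix_of(host, labels=2):
    """Last two labels of the host, e.g. 'go.jp' for 'www.example.go.jp'."""
    return ".".join(host.split(".")[-labels:])

def summarize(log_text):
    """Map client IP -> {'allowed': suffixes served, 'denied': suffixes refused}."""
    out = defaultdict(lambda: {"allowed": set(), "denied": set()})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or "/" not in f[3]:
            continue  # skip truncated or malformed records
        client, result, url = f[2], f[3].split("/")[0], f[6]
        verdict = "denied" if "DENIED" in result else "allowed"
        out[client][verdict].add(suffix_of(host_of(url)))
    return dict(out)

def selective_denials(log_text, client_a, client_b):
    """Suffixes the proxy refused for client_a but served to client_b."""
    s = summarize(log_text)
    none = {"allowed": set(), "denied": set()}
    return sorted(s.get(client_a, none)["denied"] & s.get(client_b, none)["allowed"])
```

A non-empty result from `selective_denials` means the proxy itself is treating the two clients differently, which points at a per-source access rule rather than a fault on the PC.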