Each NIC has an IP address (let's call them NIC#1 & NIC#2).
Controlling the usage is done using the firewall (which means if you want to control multiple systems, each firewall needs to be configured).
For the LAN-only usage, you need to allow only traffic to the LAN subnet (NIC#1).
For the Internet-only use, you need to disallow traffic on the LAN subnet (NIC#2).
Depending upon which firewall you are using, you may be able to define an address group (i.e. the LAN) using a name (e.g. lansubnet).
So, here are the generic rules, which must be in this order:
- allow in/out tcp/udp port 67,68 (this is the DHCP service)
- allow in/out port 53 (the DNS service)
- allow in/out tcp/udp src NIC#1 dst lansubnet
- deny in/out tcp/udp src NIC#2 dst lansubnet
You should consider other factors, such as where the email is coming from (Exchange server or ISP POP3 account).
Additionally, the physical wiring can be a big factor here; can you feed back a simple diagram?
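The four generic rules above, written out as an added nftables ruleset that is not part of the original post. It assumes eth0 is NIC#1 (LAN only), eth1 is NIC#2 (Internet only) and 192.168.1.0/24 is the LAN subnet; all three are constructed placeholder values, and the rule order matches the list above.

```nftables
# Added example, not from the original post. Assumed names (placeholders):
#   eth0 = NIC#1 (LAN-only), eth1 = NIC#2 (Internet-only), LAN = 192.168.1.0/24
define lan_if  = "eth0"
define inet_if = "eth1"

table inet dualnic {
    # named address group standing in for "lansubnet" in the text
    set lansubnet {
        type ipv4_addr
        flags interval
        elements = { 192.168.1.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        # rule 1: DHCP (server 67 -> client 68) on either NIC
        udp sport 67 udp dport 68 accept
        # rule 2: DNS replies/queries on port 53, tcp and udp
        meta l4proto { tcp, udp } th sport 53 accept
        # rule 3: NIC#1 talks to the LAN subnet only
        iifname $lan_if ip saddr @lansubnet accept
        # rule 4: NIC#2 must never carry LAN-subnet traffic
        iifname $inet_if ip saddr @lansubnet drop
        # everything else on NIC#2 is Internet traffic; drop by policy
        # unless it belongs to a connection we opened (handled by ct above)
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # rule 1: DHCP (client 68 -> server 67) on either NIC
        udp sport 68 udp dport 67 accept
        # rule 2: DNS, tcp and udp
        meta l4proto { tcp, udp } th dport 53 accept
        # rule 3: NIC#1 may only reach the LAN subnet
        oifname $lan_if ip daddr @lansubnet accept
        # rule 4: NIC#2 is denied the LAN subnet, then allowed everything else
        oifname $inet_if ip daddr @lansubnet drop
        oifname $inet_if accept
    }
}
```

Load it with `nft -f <file>` and confirm the interface-to-role mapping with `ip -br addr` first; because rule 4 is evaluated after rule 3, swapping the order would let NIC#2 reach the LAN.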