Block NIC from internet access but not local network

Status
Not open for further replies.

Karmashock

Posts: 223   +0
I have two network cards that connect to two different networks. The first network should only communicate with the computers on the local network and the second should be used to connect to the internet.


How do I force the computer to use a given NIC for internet access and the other for local file sharing etc?
 
Instead of two NICs for access to different networks and functions, would it be easier to have just one NIC if you could find something that restricted all network traffic allowed in/out of the NIC so it would only talk to the networks you want and use the remote services you want, etc.?

Would that fill the need? You need one NIC and a firewall.
 
One NIC is for the office network... the second is for dedicated bandwidth for some intensive tasks.

The computer needs to access the other computers on the network to access shared files/printers... but it can't tie up the office internet or generate more traffic on the office network for its other tasks. Ergo, it has a second dedicated connection for that purpose.

Surely there has to be a way to do this... perhaps a firewall program?
 
Yes, in your case (given the additional info on your requirements) the answer is still a firewall. A firewall allows you to define "networks" and which one or more networks are allowed traffic over an adapter.
 
Each NIC has an IP address. (let's call them NIC#1 & NIC#2).

Controlling the usage is done using the firewall (which means if you want to control multiple systems, each firewall needs to be configured).

For the LAN-only usage, you need to allow only traffic to the LAN subnet (NIC#1).

For the Internet-only use, you need to disallow traffic on the LAN subnet (NIC#2).

Depending upon which firewall you are using, you may be able to define an address group (i.e. the LAN) using a name (e.g. lansubnet).

So, here are the generic rules, which must be in this order:
  1. allow in/out tcp/udp port 67,68 (this is the DHCP service)
  2. allow in/out port 53 (the DNS service)
  3. allow in/out tcp/udp src NIC#1 dst lansubnet
  4. deny in/out tcp/udp src NIC#2 dst lansubnet

You should consider other factors, such as where is the email coming from
(Exchange server or ISP pop3 account).

Additionally, the physical wiring can be a big factor here; can you feedback a simple diagram?
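To make the ordering point concrete, here is a small first-match evaluator for the four generic rules above. It is an added example, not code from the thread or from any particular firewall product, and the addresses (a 192.168.10.0/24 office LAN for NIC#1, a documentation-range address for NIC#2) are constructed assumptions. It also shows that the list as written leaves NIC#1's non-LAN traffic to the firewall's default policy, so a fifth explicit deny is added to get the "LAN only" behaviour regardless of that default.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (an assumption, not from the thread):
# NIC#1 sits on the office LAN, NIC#2 on the dedicated internet link.
LANSUBNET = ipaddress.ip_network("192.168.10.0/24")
NIC1 = ipaddress.ip_network("192.168.10.25/32")
NIC2 = ipaddress.ip_network("203.0.113.25/32")   # documentation range, placeholder
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    ports: frozenset = frozenset()  # empty means any port
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY

    def matches(self, p: Packet) -> bool:
        return ((not self.ports or p.dport in self.ports)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst)

# The four generic rules from the post, in the order given (first match wins).
RULES = [
    Rule("allow", frozenset({67, 68})),        # DHCP
    Rule("allow", frozenset({53})),            # DNS
    Rule("allow", src=NIC1, dst=LANSUBNET),    # NIC#1 may talk to the LAN
    Rule("deny",  src=NIC2, dst=LANSUBNET),    # NIC#2 may not touch the LAN
]

def decide(p: Packet, rules=RULES, default="deny") -> str:
    """First-match evaluation; 'default' is the firewall's implicit policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# "LAN only" for NIC#1 also needs its non-LAN traffic denied; the post's list
# leaves that to the default policy, so a fifth rule makes it explicit.
RULES_EXPLICIT = RULES + [Rule("deny", src=NIC1)]

if __name__ == "__main__":
    for pkt in (Packet("192.168.10.25", "192.168.10.7", 445),
                Packet("203.0.113.25", "192.168.10.7", 445),
                Packet("192.168.10.25", "198.51.100.80", 443)):
        print(pkt, decide(pkt, RULES_EXPLICIT, default="allow"))
```

Because DHCP and DNS sit above the deny rules, both NICs can still obtain leases and resolve names even with the explicit fifth rule in place.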
 
This solution sounds more complicated than the problem.

Sounds like the simplest way to deal with this is to just block that computer's IP at the router level from gaining access to the internet. Thus the computer will be forced to use the other NIC.

I was hoping for an elegant solution but if I have to brute force it... then I'll just tear its legs off.
 
There's another approach of altering the routing tables, but if you don't like the firewall approach, you'll hate the RT maintenance.

Yes, it would be easier to use multiple routers and control traffic there.
 