limiting internet access for 1 machine on lan

Status
Not open for further replies.

Spike

Posts: 2,122   +0
I'm busy configuring a fileserver at the moment using winxp pro. It's going to be connected to a lan through a wired connection to a Netgear DG834G router. I wish it to be accessible through the LAN, but I don't wish it to have internet access (with the exception of very few addresses, such as AVG update, spybot update, etc).

This computer isn't going to be used as a workstation at all, and so if something goes wrong, such as the firewall crashing, it won't be noticed. For that reason, as well as blocking massive address ranges through the firewall's advanced rules, I wish also to block the same ranges from within windows. As I understand it, the HOSTS file only deals with outbound traffic, and so I would like to know if there is a foolproof way of blocking these ranges from within windows itself.

Or have I got it all wrong? lol
 
The right way to do it is to block the addresses from the router. Your router almost certainly has a packet filter in it. In there you specify "allow" rules for the server that let you access the specific IP addresses needed.

The second correct place to do it is the packet filter (or advanced rules or whatever) part of your software firewall. Again, you only give it a few "allow" rules and then put a "deny all" rule in the end.
 
Oh, half right then :D - Thanks for that Nosdu, much appreciated.

I have another three machines on the router, and each of them requires internet access. I would assume that blocking these address ranges through the router's firewall would block them for all machines. To block them for one single machine, where would I do it? (I know a little about routers, but I've not got a massive amount of experience with them.)
 
How precise you can be with your filtering rules depends on the intelligence of your firewall. I checked the manual for Netgear DG834G and the packet filter in there is a decent one. Just see the manual under outbound rules.
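A small model of the rule set discussed in this thread, added here as an illustration and not part of any poster's reply or of the router's own configuration: a few "allow" rules scoped to the file server's address, a "deny all" for that same source placed last, and the other LAN machines left untouched. It assumes first-match rule ordering and a default of allowing unmatched outbound traffic; the LAN address and the update-server addresses are constructed placeholders.

```python
"""Per-source outbound filtering: allow a few destinations for one LAN host,
deny everything else for that host, leave the other hosts alone.
All addresses are constructed placeholders, not real update servers."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # LAN source, CIDR notation
    dst: str     # destination, CIDR notation

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


FILESERVER = "192.168.0.50"  # assumed static LAN address of the file server

OUTBOUND_RULES = [
    Rule("allow", f"{FILESERVER}/32", "192.0.2.10/32"),    # placeholder: AV update host
    Rule("allow", f"{FILESERVER}/32", "198.51.100.0/28"),  # placeholder: anti-spyware updates
    Rule("deny", f"{FILESERVER}/32", "0.0.0.0/0"),         # "deny all" last, this host only
]


def decide(src, dst, rules=OUTBOUND_RULES, default="allow"):
    """First matching rule wins; unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return default


def shadowed(rules):
    """Rules that can never fire because an earlier rule with the opposite
    action already covers their source and destination (an ordering mistake)."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.action != rule.action
                    and ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and ip_network(rule.dst).subnet_of(ip_network(earlier.dst))):
                dead.append(rule)
                break
    return dead
```

Running `shadowed()` over a rule list before entering it into a firewall catches the case where the "deny all" has been placed above the "allow" rules, which would silently cut the server off from its update sources.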
 