  • Status: Solved
  • Priority: Medium
  • Security: Public

How to restrict web browsing on nat server

Hello Expert,

I need to restrict bandwidth usage on my network, hence only email, secure websites and VPN connection should be allowed.
I read a response by robwil, "Restrictions of Internet Access on my router". Can this be applied to a Windows 2000 NAT server acting as a router?

Not too sure I understand how to create a service, but I will provide an example of my understanding. Please correct if wrong.

Creating a service for L2TP VPN:

service = vpn(port 1701)
action = allow always

1 Solution
Rob Williams Commented:
Hi jomfra. With many routers it is pretty hard to gain total control, especially with chat programs, but you can certainly block a lot of the unwanted traffic. What make and model of router are you using? Perhaps I can give you some specific suggestions.
Also, what type of VPN connection are you using? 1701 would imply L2TP, is this terminated on the router or a VPN server behind the router such as a Windows VPN server?
jomfra (Author) Commented:
Hello Robwil,

I am not using a hardware router.
I am trying to see if a Windows 2000 NAT server can block unwanted
The VPN connection related in the question is just an example.
This layout is a test layout. I have three computers connected to a Windows 2000 NAT server and I am testing to see if I can control access only to email and secure web sites.
My apologies. Ignore the VPN example.
The only two items that should pass through the NAT server are:
(1) emails
(2) access to secure web sites.

Remember, I am using a 2000 server with NAT configured as my gateway to the Internet.

Rob Williams Commented:
Must say I haven't done it this way, but probably your best option with 2000 is to use the built-in filtering capability. Go to:
Control panel | Network Connections | right click on the WAN adapter and choose properties | Internet protocol -TCP/IP properties | Advanced | Options | Properties
Here you can set your filtering rules. You don't need to check the "enable TCP/IP filtering all adapters" as you won't want to filter any traffic between the PCs and the server, just the server and the Internet. As a matter of fact it will switch on by default, so make sure you disable (un-check) it before applying. Also probably best to leave "IP protocols" set to permit all, at least for now. Then check Permit only for TCP and UDP ports and enter the services you wish to enable. You will need Port 53 for DNS, 110 for receiving POP mail, possibly 110 for SMTP sending e-mail, and 443 for secure web sites. If you use Exchange or other mail services these ports may be different. It may take a little fiddling, as sometimes additional services that are not apparent are needed, such as 53 DNS.

Following is rather vague but explains the basics:
Rob Williams Commented:
Thanks jomfra,
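
One way to check, from a machine behind the NAT server, that the filtering discussed in this thread behaves as intended (an added example, not part of the original thread). The host names are placeholders, and ports 80 and 21 are constructed samples of traffic that should be blocked; ports 53, 110 and 443 are the ones named in the answer.

```python
import socket

# (host, port, should_pass). Hosts are placeholders: replace them with servers
# you know are listening on that port, otherwise a failed connection proves nothing.
CHECKS = [
    ("dns.example.net", 53, True),     # DNS over TCP (UDP 53 is not probed here)
    ("mail.example.net", 110, True),   # POP3
    ("www.example.net", 443, True),    # secure web sites
    ("www.example.net", 80, False),    # plain HTTP: constructed "must be blocked" case
    ("ftp.example.net", 21, False),    # FTP: constructed "must be blocked" case
]


def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name lookup failed
        return False


def audit(checks, probe=tcp_probe):
    """Compare observed reachability with the policy; return only the mismatches."""
    findings = []
    for host, port, should_pass in checks:
        reachable = probe(host, port)
        if reachable and not should_pass:
            findings.append((host, port, "LEAK"))      # filter let it through
        elif not reachable and should_pass:
            findings.append((host, port, "BLOCKED"))   # permitted service is failing
    return findings


if __name__ == "__main__":
    results = audit(CHECKS)
    for host, port, verdict in results:
        print(f"{verdict:8} {host}:{port}")
    if not results:
        print("Observed traffic matches the policy.")
```

A BLOCKED result for every permitted host usually means name lookups are failing, since a failed DNS lookup also counts as unreachable.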
