No Internet...Yes Email

Posted on 2006-06-03
Medium Priority
Last Modified: 2010-03-19
OK, my Networking friends, I have another one...I know there are probably many paths to the same destination...I'm looking for the quickest and most reliable.

8 PC's on a peers LAN, switch, XP Pro, Verizon Versalink 327W router. Four of these PC's need access to 'webmail' as in 'http://webmail.<domain>.com'. The same four need to be otherwise BANNED from any Internet usage.

The other four need Internet access, but BANNED from downloading anything.

Whaddya think?
Question by:Jeff_Burns

Accepted Solution

The_IT_Garage earned 501 total points
ID: 16826053
Step 1 (webmail only). You need to set up web filtering so those 4 IP's are "block all except specified websites" or block external traffic except for the "http://webmail.." IP address. If the Versalink doesn't do this then perhaps another EE member can help (it can be done with DNS Tomfoolery too but isn't quick and easy if the DNS server isn't under your control.)

Step 2 Internet Options....Security....Internet Zone....Custom....File Download - > Disable. A savvy user might know how to change this setting to select use of TWeakUI (free) can help prevent this too.
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 501 total points
ID: 16826683
Not sure if there IS a quick and easy way for this.

The first four of these are fairly straight forward. remove the dns entries from their nic's and put in a local hosts file for each of the PC's plus the IP addresses of the web mail boxes you want them to contact. Alternatively, set the router with an ACL to only allow the ip addresses of these four machines to go to the ip addresses of the web mail servers.

The second four would need to be blocked as mentioned above through the ie.

Naturally, putting in a proxy server such as ISA would be the most reliable (and the quickest) way and would allow you to meet all of the goals. If you wanted to evaluate it (and assuming you have a spare machine) MS has the ISA2006 release available for download on a 6 month trial basis.

LVL 13

Assisted Solution

prashsax earned 498 total points
ID: 16826938
First task of giving access to only webmail can be done easily either by using ACL on router on by DNS.

But other 4 PC require Internet access but not download can only be done using Content Filtering Proxy Server.
Because router cannot difference between a ZIP being downloaded or HTML page being loaded.

For this reason, you must install a Proxy server. If you are looking to inexpensive solution then either try Squid or 602LANSuite(Free version support limited users. But is greater then 8 users). Squid is bit hard to configure. 602 have all gui.

If you want a good enterprise solution, go for MS ISA 2004. ISA can do what you require easily and can do many more things which you may require in future. (e.g Publishing mail, web, ftp Servers, hosting VPNs etc.)


Author Comment

ID: 16966643
OK, this isn't 'ideal' but it works. My customer is not interested in investing anymore cash into this, so as a temporary(?) fix I configured Outlook Express to handle the e-mail. I then programmed the Internet Options-Connections to a proxy server of, which of course, doesn't exist. Finally, I removed access to Internet Options from the users accounts via Group Policy.
I couldn't remove DNS without it affecting the email. A proxy server is out of the question. The router is a Versalink 327W, which does not have the same options and functions of a Linksys router.
I'll split the points for effort and input. I appreciate all your help. Do you see any potential pitfalls in this configuration that I haven't considered?
Thanks again,

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question