No Internet...Yes Email

Posted on 2006-06-03
Last Modified: 2010-03-19
OK, my Networking friends, I have another one...I know there are probably many paths to the same destination...I'm looking for the quickest and most reliable.

8 PC's on a peers LAN, switch, XP Pro, Verizon Versalink 327W router. Four of these PC's need access to 'webmail' as in 'http://webmail.<domain>.com'. The same four need to be otherwise BANNED from any Internet usage.

The other four need Internet access, but BANNED from downloading anything.

Whaddya think?
Question by:Jeff_Burns
    LVL 5

    Accepted Solution

    Step 1 (webmail only). You need to set up web filtering so those 4 IP's are "block all except specified websites" or block external traffic except for the "http://webmail.." IP address. If the Versalink doesn't do this then perhaps another EE member can help (it can be done with DNS Tomfoolery too but isn't quick and easy if the DNS server isn't under your control.)

    Step 2 Internet Options....Security....Internet Zone....Custom....File Download - > Disable. A savvy user might know how to change this setting to select use of TWeakUI (free) can help prevent this too.
    LVL 51

    Assisted Solution

    by:Keith Alabaster
    Not sure if there IS a quick and easy way for this.

    The first four of these are fairly straight forward. remove the dns entries from their nic's and put in a local hosts file for each of the PC's plus the IP addresses of the web mail boxes you want them to contact. Alternatively, set the router with an ACL to only allow the ip addresses of these four machines to go to the ip addresses of the web mail servers.

    The second four would need to be blocked as mentioned above through the ie.

    Naturally, putting in a proxy server such as ISA would be the most reliable (and the quickest) way and would allow you to meet all of the goals. If you wanted to evaluate it (and assuming you have a spare machine) MS has the ISA2006 release available for download on a 6 month trial basis.
    LVL 13

    Assisted Solution

    First task of giving access to only webmail can be done easily either by using ACL on router on by DNS.

    But other 4 PC require Internet access but not download can only be done using Content Filtering Proxy Server.
    Because router cannot difference between a ZIP being downloaded or HTML page being loaded.

    For this reason, you must install a Proxy server. If you are looking to inexpensive solution then either try Squid or 602LANSuite(Free version support limited users. But is greater then 8 users). Squid is bit hard to configure. 602 have all gui.

    If you want a good enterprise solution, go for MS ISA 2004. ISA can do what you require easily and can do many more things which you may require in future. (e.g Publishing mail, web, ftp Servers, hosting VPNs etc.)


    Author Comment

    OK, this isn't 'ideal' but it works. My customer is not interested in investing anymore cash into this, so as a temporary(?) fix I configured Outlook Express to handle the e-mail. I then programmed the Internet Options-Connections to a proxy server of, which of course, doesn't exist. Finally, I removed access to Internet Options from the users accounts via Group Policy.
    I couldn't remove DNS without it affecting the email. A proxy server is out of the question. The router is a Versalink 327W, which does not have the same options and functions of a Linksys router.
    I'll split the points for effort and input. I appreciate all your help. Do you see any potential pitfalls in this configuration that I haven't considered?
    Thanks again,

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    NetScaler Deployment Guides and Resources

    Citrix NetScaler is certified to support many of the most commonly deployed enterprise applications. Deployment guides provide in-depth recommendations on configuring NetScaler to meet specific application requirements.

    Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here ( 2. Ensure that you disable the windows fi…
    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now