No Internet...Yes Email

OK, my Networking friends, I have another one...I know there are probably many paths to the same destination...I'm looking for the quickest and most reliable.

8 PC's on a peers LAN, switch, XP Pro, Verizon Versalink 327W router. Four of these PC's need access to 'webmail' as in 'http://webmail.<domain>.com'. The same four need to be otherwise BANNED from any Internet usage.

The other four need Internet access, but BANNED from downloading anything.

Whaddya think?
Who is Participating?
The_IT_GarageConnect With a Mentor Commented:
Step 1 (webmail only). You need to set up web filtering so those 4 IP's are "block all except specified websites" or block external traffic except for the "http://webmail.." IP address. If the Versalink doesn't do this then perhaps another EE member can help (it can be done with DNS Tomfoolery too but isn't quick and easy if the DNS server isn't under your control.)

Step 2 Internet Options....Security....Internet Zone....Custom....File Download - > Disable. A savvy user might know how to change this setting to select use of TWeakUI (free) can help prevent this too.
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Not sure if there IS a quick and easy way for this.

The first four of these are fairly straight forward. remove the dns entries from their nic's and put in a local hosts file for each of the PC's plus the IP addresses of the web mail boxes you want them to contact. Alternatively, set the router with an ACL to only allow the ip addresses of these four machines to go to the ip addresses of the web mail servers.

The second four would need to be blocked as mentioned above through the ie.

Naturally, putting in a proxy server such as ISA would be the most reliable (and the quickest) way and would allow you to meet all of the goals. If you wanted to evaluate it (and assuming you have a spare machine) MS has the ISA2006 release available for download on a 6 month trial basis.
prashsaxConnect With a Mentor Commented:
First task of giving access to only webmail can be done easily either by using ACL on router on by DNS.

But other 4 PC require Internet access but not download can only be done using Content Filtering Proxy Server.
Because router cannot difference between a ZIP being downloaded or HTML page being loaded.

For this reason, you must install a Proxy server. If you are looking to inexpensive solution then either try Squid or 602LANSuite(Free version support limited users. But is greater then 8 users). Squid is bit hard to configure. 602 have all gui.

If you want a good enterprise solution, go for MS ISA 2004. ISA can do what you require easily and can do many more things which you may require in future. (e.g Publishing mail, web, ftp Servers, hosting VPNs etc.)

Jeff_BurnsAuthor Commented:
OK, this isn't 'ideal' but it works. My customer is not interested in investing anymore cash into this, so as a temporary(?) fix I configured Outlook Express to handle the e-mail. I then programmed the Internet Options-Connections to a proxy server of, which of course, doesn't exist. Finally, I removed access to Internet Options from the users accounts via Group Policy.
I couldn't remove DNS without it affecting the email. A proxy server is out of the question. The router is a Versalink 327W, which does not have the same options and functions of a Linksys router.
I'll split the points for effort and input. I appreciate all your help. Do you see any potential pitfalls in this configuration that I haven't considered?
Thanks again,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.