mrpc_cambodia
asked on
How to restrict certain client from accessing NAT server
Hi,
I setup windows 2003 server SP1 as a NAT server to share internet connection to my LAN client.
I wish to block some client from accessing the internet, so can you show me what sort of configuration should I do to achieve this? I believe the basic firewall in windows 2003 server can do this. But I don't know how.
Kind regards,
mrpc_cambodia
I setup windows 2003 server SP1 as a NAT server to share internet connection to my LAN client.
I wish to block some client from accessing the internet, so can you show me what sort of configuration should I do to achieve this? I believe the basic firewall in windows 2003 server can do this. But I don't know how.
Kind regards,
mrpc_cambodia
Are the PCs that are going through your Server have a static or DHCP IP address?
ASKER
All those client have dhcp address. I use the same server to act as DHCP server.
You can setup the DHCP to exclude the user's PC MAC address, thus not assign them a Internet gateway.
http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html
http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html
ASKER
Thanks for your comment.
what if the user know the ip of the gateway and he change his pc to static ip and assign the gateway by himself, then he will still can access the internet.
can we do something on the firewall so that a certain ip or mac address will be blocked from going through the NAT?
Thanks,
what if the user know the ip of the gateway and he change his pc to static ip and assign the gateway by himself, then he will still can access the internet.
can we do something on the firewall so that a certain ip or mac address will be blocked from going through the NAT?
Thanks,
No. The Microsoft Server firewall doesn't have the capibility for handing/filtering MAC addresses.
However, you could get a cheap NAT-based router (i.e. Linksys BEFSX41) and have it handle the MAC address filtering to block it from accessing the Internet. The Linksys BEFSX41 has a very easy to use web interface and you can block the access to that PC's MAC address with a time limit or whatever you like.
Linksys BEFSX41 VPN/Endpoint Router:
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1130276636538&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3653822279B01
However, you could get a cheap NAT-based router (i.e. Linksys BEFSX41) and have it handle the MAC address filtering to block it from accessing the Internet. The Linksys BEFSX41 has a very easy to use web interface and you can block the access to that PC's MAC address with a time limit or whatever you like.
Linksys BEFSX41 VPN/Endpoint Router:
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1130276636538&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3653822279B01
ASKER
Could you also recommend me a software solution to block access based on IP or MAC address?
Thank you,
Thank you,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks so much. You're so helpful.
Glad I could help.
-- Michael
-- Michael