
How to restrict certain clients from accessing NAT server

Hi,

I set up Windows 2003 Server SP1 as a NAT server to share the Internet connection with my LAN clients.

I wish to block some clients from accessing the Internet, so can you show me what sort of configuration I should do to achieve this? I believe the basic firewall in Windows 2003 Server can do this, but I don't know how.


Kind regards,

mrpc_cambodia

Michael Worsham, Cloud/Infrastructure Solutions Architect
BRONZE EXPERT

Commented:
Do the PCs that are going through your server have a static or DHCP IP address?

Author

Commented:
All those clients have DHCP addresses. I use the same server to act as the DHCP server.
Michael Worsham, Cloud/Infrastructure Solutions Architect
BRONZE EXPERT

Commented:
You can set up DHCP to exclude the user's PC MAC address, thus not assigning them an Internet gateway.
http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html

Author

Commented:
Thanks for your comment.

What if the user knows the IP of the gateway, changes his PC to a static IP and assigns the gateway himself? Then he will still be able to access the Internet.

Can we do something on the firewall so that a certain IP or MAC address will be blocked from going through the NAT?


Thanks,

Michael Worsham, Cloud/Infrastructure Solutions Architect
BRONZE EXPERT

Commented:
No. The Microsoft Server firewall doesn't have the capability for handling/filtering MAC addresses.

However, you could get a cheap NAT-based router (i.e. Linksys BEFSX41) and have it handle the MAC address filtering to block it from accessing the Internet. The Linksys BEFSX41 has a very easy to use web interface and you can block the access to that PC's MAC address with a time limit or whatever you like.

Linksys BEFSX41 VPN/Endpoint Router:
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1130276636538&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3653822279B01
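The concern raised above is that a client excluded from DHCP can still use the gateway with a hand-set static IP. As an added example (not part of the thread), this script compares the server's `arp -a` table with the DHCP lease list to spot such hosts; the sample ARP output, lease table, excluded-MAC list and function names are constructed assumptions.

```python
import re

# Constructed sample of `arp -a` output taken on the NAT/DHCP server (not from the thread).
ARP_OUTPUT = """\
Interface: 192.168.0.1 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.0.10          00-11-22-33-44-55     dynamic
  192.168.0.11          00-aa-bb-cc-dd-ee     dynamic
  192.168.0.50          00-11-22-33-44-77     dynamic
  192.168.0.60          00-11-22-33-44-88     dynamic
"""

# Constructed data: active DHCP leases (IP -> MAC) and MACs excluded from DHCP.
LEASES = {"192.168.0.10": "00-11-22-33-44-55", "192.168.0.11": "00-11-22-33-44-66"}
EXCLUDED_MACS = {"00-11-22-33-44-77"}

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$"
)

def parse_arp(text):
    """Return (ip, mac) pairs from Windows `arp -a` output; headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower()))
    return rows

def find_unmanaged_hosts(arp_text, leases, excluded_macs):
    """Flag LAN hosts that are active without a matching DHCP lease."""
    leases = {ip: mac.lower() for ip, mac in leases.items()}
    excluded = {mac.lower() for mac in excluded_macs}
    findings = []
    for ip, mac in parse_arp(arp_text):
        if mac in excluded:
            findings.append((ip, mac, "excluded MAC is active"))
        elif ip not in leases:
            findings.append((ip, mac, "no DHCP lease for this IP"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "IP is leased to another MAC"))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in find_unmanaged_hosts(ARP_OUTPUT, LEASES, EXCLUDED_MACS):
        print(f"{ip:15} {mac}  {reason}")
```

The ARP cache only lists hosts that recently exchanged traffic with the server, so the comparison is worth running periodically rather than once.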

Author

Commented:
Could you also recommend me a software solution to block access based on IP or MAC address?

Thank you,
Cloud/Infrastructure Solutions Architect
BRONZE EXPERT
Commented:
There aren't any 'free' software solutions for MAC filtering firewalls; however, I was able to find a site that has trial software that works on Server 2003:

VisNetic Firewall (http://www.deerfield.com/products/visnetic-firewall/)

MAC Address Filtering
VisNetic Firewall now has the ability to filter traffic based on MAC addresses. Because a MAC address is specific to one individual network interface, this feature is particularly useful if you want to allow or block traffic from a particular computer whose IP address may change.

Added Features:
http://www.deerfield.com/products/visnetic-firewall/features/fulllist.htm

Trial: http://www.deerfield.com/download/visnetic-firewall/

Author

Commented:
Thanks so much. You're so helpful.
Michael Worsham, Cloud/Infrastructure Solutions Architect
BRONZE EXPERT

Commented:
Glad I could help.

-- Michael
