Sharing internet connection while preventing inter-network access

I want to create a network to allow multiple PC clients to share an internet connection without being able to access each other.

Currently we have an adsl modem connected to a standard basic swtich. Multiple computers are plugged into the swtich each being able to access the net. The problem lies that as they are all on the same network range they can see each other.

What do i need to do to provide access to the internet but without access to any other devices on the network?
matt_cowdellAsked:
Who is Participating?
 
kdearingConnect With a Mentor Commented:
The best way to do it would be to put the client groups in separate VLANs.
You will need a switch and a router/firewall that have VLAN capabilities.

What type of switch are you using now?
Do you have a preferred mfr?
What is your budget for this?
0
 
rlsm_techCommented:
Based on the description of you network I am going to assume that the DSL modem is acting as your router and probably DHCP server.  Each computer is getting its network IP information from the modem and is being dynamically updated.

I will assume that you do not have any printers on the workstations that you need to share. The simplest solution would be to disable print and file sharing on the individual desktop computers.  The individual machines would show up in the network neighborhood but would not be accessible.

To disable file and print sharing in Vista:

Click the Windows (Start) button in the lower left corner of the desktop.
Click on the Control Panel.
Click on Network and Sharing Center
Under the sharing and discovery section click the arrow button at the end of each section to expand the section.
Click the radio button next to the option you want to disable "Turn off file sharing"
Complete this task for each section; File sharing, Public Folder Sharing, Printer Sharing, and Media sharing.
Close the Control Panel window.


To disable file and print sharing in Windows XP:

Click the Start button in the lower left corner of the desktop.
Click Settings, then click Control Panel.
In the Control Panel, click Network Connections.
In the Network Connections window, right-click on the appropriate connection, then select Properties.
Uncheck the File and Printer Sharing for Microsoft Networks check box.
Click OK, then close the Control Panel window.

To disable file and print sharing in Windows 2000:

Click the Start button in the lower left corner of the desktop.
Click Settings, then click Control Panel.
In the Control Panel, click Network and Dial-up Connections.
In the Network and Dial-up Connections window, righ-click on the appropriate connection, then select Properties.
In the Connection Properties window, click the Networking tab.
Uncheck the File and Printer Sharing for Microsoft Networks check box.
Click OK, then close the Control Panel window.

0
 
tismetooCommented:
You can do this with Windows Firewall on XP or Vista, but I don't know of a way to implement this with the sort of networking hardware you have access to. Basic switches are designed to allow devices to talk to each other, not to restrict access. No point considering the ADSL modem as the packets between the devices will not get to it.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
kdearingCommented:
Without additional hardware and setting up VLANs, you're left with disabling sharing as rlsm_tech suggests.
0
 
matt_cowdellAuthor Commented:
I'm looking for  solution that is independent of the client computers - what hardware would do the job?
0
 
rlsm_techConnect With a Mentor Commented:
VLAN's are your simplest hardware solution.  Depending on the number of clients you have, and the level of VLAN managment, the price can get fairly expensive.  You need to look at a layer 2 managed switch.  These types of switches are capable of isolating computers by MAC or by port.  The lower end devices such as this D - LINK (http://www.newegg.com/Product/Product.aspx?Item=N82E16833122203) are cheap and isolate by port.  If you want to isolate by MAC the price will go up.  

Hope this helps.


0
 
rlsm_techCommented:
Just checked back on this thread and realized that the model of switch I posted was in fact a Netgear and not D-Link.  Just wanted to make sure that I did not confuse you.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.