• Status: Solved

how to allow LAN, but block Internet, on certain computers?

Hi. I run a LAN - 50 computers, Windows, AD Domain (for fileserver), kinda standard. I want to add a new Windows computer, but to be restricted to LAN only (i.e. filesharing), WITHOUT any access to the Internet. I want this computer to be blocked, from incoming and outgoing Internet traffic. (this is for its own protection - it's a mission-critical PC.)

How do I accomplish this? Are there software Firewall ports I can open/close? Am I missing something obvious?

2 Solutions
Are you running XP or Vista? You can use IP security to block ports 80 and 443, which would allow all other traffic, including email. In XP, you add a rule blocking all TCP packets to those two ports in Control Panel > Administrative Tools > Local Computer Policy > IP Security Policies on Local Computer. Once you have created your rule, make sure you assign it. I haven't tried this on Vista, since we added a Cymphonix appliance before Vista came out. Some sort of appliance-based filtering would work as well, but kind of pricey for a single system.

Well, the simplest thing you can do is to not specify a gateway and DNS for that computer: in the network settings you just put in the IP address and netmask, and leave the gateway and DNS blank. That way the computer cannot connect to the internet. Or you can block the computer's IP address's access to the internet from the router/firewall. If you tell us what you use for internet access (router or Windows/ISA server) I'm sure somebody will give you details on how to block an IP address's access to the internet, but I personally think that not giving that computer a gateway and DNS would do it. And maybe you should restrict the user's rights so they cannot change network settings.

Blocking this computer's IP/MAC address in the gateway/router is the simplest.

soyproduct (Author) commented:
thanks people, I'll try these things later this week, and I'll post here again soon...
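
One way to check that the no-gateway setup suggested in this thread is actually in effect, as an added example that is not part of the original posts: it parses the IPv4 rows of `route print` output and reports whether a default route exists and whether a given destination is covered by any route. The sample tables and all addresses in them are constructed.

```python
import ipaddress
import re

# Constructed sample: IPv4 section of `route print` on a host that has an
# address and netmask but no default gateway (all addresses are made up).
SAMPLE_NO_GATEWAY = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
     192.168.1.50  255.255.255.255         On-link      192.168.1.50    281
===========================================================================
"""

# Constructed sample: the same host after a gateway has been added back.
SAMPLE_WITH_GATEWAY = SAMPLE_NO_GATEWAY.replace(
    "Metric\n",
    "Metric\n          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25\n",
)

# A route row: destination, netmask, gateway (IP or "On-link"), interface, metric.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$"
)

def parse_routes(text):
    """Return (network, gateway) pairs from the IPv4 rows of `route print`."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((net, m.group(3)))
    return routes

def default_gateways(text):
    """Gateways of any 0.0.0.0/0 route; an empty list means no path off the LAN."""
    return [gw for net, gw in parse_routes(text) if net.prefixlen == 0]

def has_route(text, destination):
    """True if some route in the table covers the destination address."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net, _ in parse_routes(text))

if __name__ == "__main__":
    for label, table in (("no gateway", SAMPLE_NO_GATEWAY), ("gateway set", SAMPLE_WITH_GATEWAY)):
        print(label, default_gateways(table), has_route(table, "203.0.113.10"))
```

Running this against saved `route print` output from the restricted PC flags the case where a gateway has been re-added, which is the change the last sentence of the second answer is concerned with.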
