Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Disconnect Internet but not LAN

Posted on 2011-02-11
7
761 Views
Last Modified: 2012-05-11
Hello,
We are about to put a public computer out in the productions shop and was wondering if there was a way have it disconnected from the internet but not the LAN. We will be sharing information such as blueprints and safety pdfs on the network for them to view. We do not want them to have access to the internet viewing.

What would be the best way to do this?
I was thinking about just removing Internet Explorer.. Any better ideas?

Thanks!
0
Comment
Question by:MattBamm
7 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 34872032
Give the machine a fixed IP address and no default gateway.
0
 

Author Comment

by:MattBamm
ID: 34872045
wow, i never thought about that.

That is a great idea.
0
 
LVL 9

Expert Comment

by:sah18
ID: 34872057
Do you have a centralized firewall that this computer passes through?  If yes, your other option would be to assign a static IP to this system (if it doesn't already have one), and block port 80 and 443 access for this particular IP in your firewall rules.

If you do not have a centralized firewall, you may be able to block those same ports from all traffic on any local firewall software you have installed.

Short of using firewall rules, your idea to remove IE is not a bad one (not sure how easy this is to do -- haven't tried to strip that out before).
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 5

Expert Comment

by:delmc
ID: 34872741
You could create a group policy to point IE to a fake proxy server, define the users in a group called restricted IE and this would stop any traffic from going out to the web. Alternatively you could use sah18/ paulmacd's solutions in regards to restricting internet explorer as both would work equally as well.
0
 
LVL 2

Expert Comment

by:Parrish Chamberlain
ID: 34872947
If you have an ISA server you can add the computer names to th edeny access group, alternavley you can create a special group in DHCP and DNS that allows local network but no Internet, customers can still have intranet access to certain internal sites using a combination of the above.

If you do not have any of these servers use an open dns site and add the IP of the computers here to restrict access to www
0
 
LVL 7

Expert Comment

by:fhmc
ID: 34878171
Paulmacd  "Give the machine a fixed IP address and no default gateway. "

I agree w/ Paulmacd's suggestion.  If you employ this solution make sure the user doesn't have admin rights as admin users may modify their route tables...
0
 
LVL 2

Expert Comment

by:-HenryM-
ID: 34883804
you should also consider a group/local policy to block off non-admins from changing the network settings... depending on the user rights - they could potentially populate the default gateway and connect to the internet...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question