Block Internet Access

Greetings Experts,

I have one internet connection and I would like to restrict internet surfing and allow only one remote website of ip cameras.

What do you suggest in order to accomplish the above scenario?

Use a Web Filtering Program? (if yes do I need a 24/7 computer)
Software Firewall?
Router with built-in Firewall?

I am looking for a non-expensive solution. (kindly post type or manufacture for the above software or hardware)
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Some routers will allow or deny all except for a certain range of ips (some even use keywords)

all routers vary widely, even under the same manufacturer so check each page of your router config for this setting.

If you don't have it, the next best option is to use a 2ndary server (yes you will need another computer, but it can be a 10yr old one) Install linux on this machine and place it between your internet connection and router.

Some fairly basic config would be required to deny all then allow (aka the ip of the the http server)
evanmcnallyIT ConsultantCommented:
How many PCs are you needing to block?  If it is just one ot two, then you could probably do it with Windows software firewall on the PCs.

Another trick is to blank out the DNS server setting on each PC, then enter only the hostnames you want them to go to in c:\windows\system32\drivers\etc\hosts file.  They will not be able to resolve any names that you have not entered.

themrrobert also makes a good suggestion.  I would recommend pfsense for a pretty easy turn-key unix router distrobution.  You do not need to know anything about unix/linux to set it up (config is via a nice web interface).   An old Pentium 4 type PC is all you would need for pfsense.

This is not quite what you are asking for, but still worth a look:  If you want to control web surfing by the not allowing certain types of sites but allowing others, then is a great free service that will do this with no extra hardware or software.
All routers allows incoming firewall filter, but few do have outgoing firewall filters, and most of them uses keyword blocking, or site address blocking, and very few of those uses "block all" with exclude list,

the best simple way is not to enable the router to be a  gateway for your subnet, and make for it a different subnet that only recognized by the IP camera
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Oh yes, OpenDNS is a great tool

Ty evan I forgot about pfsense, I was about to pay for untangle licensing xD
evanmcnallyIT ConsultantCommented:
Very welcome :)  

I have a 130 user company that uses OpenDNS instead of a $10,000 iPrism web filter--iPrism was our first choice but OpenDNS gives us what we need for free.

Assuming you have a standard kind of Active Directory network (where the PCs all look to your domain controllers for DNS), then all you have to do is have all the DCs lookup against Open DNS and block outbound DNS at the router except for the DCs.  Instant free web filter!  The only real limitation is you cannot have different access levels for different users as the filtering config is global to the public IP you are using, but compared to the cost of something that does have per-user control the CEO decided they could live without it.  Having said all this, I would recommend iPrism if that's what you need--I have it setup elsewhere and it works as advertised with little fuss.

On the original topic--pfsense will filter outbound traffic based on port or LAN origination IP address.  I regularly buy Cisco 3600 routers with two fast ethernet interfaces for $400 or less.  In this day and age, there's no good reason to be stuck with a crumby "hasbro router" that will not filter outbound traffic.  This is not a premium feature any more.  Don't quote me, but I think I recently saw a Linksys/Cisco RV 120W that would block outbound and it is only $100 and includes wireless,
mamelasAuthor Commented:
Experts thank you all for your detailed replies.

My apologies but I am a little bit confused…

First of all the above scenario is applicable for House Project.
I don’t have DC’s, I don’t have Server and I cannot create any VLAN.

 That’s why I am looking  for a non-expensive solution.

Internet should be provided by a wireless router.

So any computer connected to the router (Wired or Wireless) should be blocked to access internet  and be allowed to one specific web-page (provided from an exclusion list).

So what should I do?
Remove default gateway from NIC.  This will prevent surfing.
From command line enter
Route add x.x.x.x y.y.y.y
X.x.x.x is ip camera
Y.y.y.y is default gateway (router ip)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rich RumbleSecurity SamuraiCommented:
Yep, that will do it, but you have to modify your DHCP server in the wifi or assign the IP's by hand (static) and turn off DHCP.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.