
block IP address

Hi Experts

My question is as follows:

There are two subnets, 192.168.1.0/24 and 192.169.200.0/24.  The two subnets can ping each other.

I have a Windows 7 PC.  When the PC gets an IP address from DHCP in the subnet 192.168.1/24, I can print to the printer with the 192.168.1.10 address.  When I move my PC to the other subnet and get an IP address from DHCP of the 192.168.200.0 subnet, how can I set up or run a script automatically to block the PC from printing to the printer which is set up as the default printer on my PC?

Thanks

EnjoyNet

 
Lee_YCP Commented:
A few options:
1. Well, since they are two different subnets, you could simply use the routers to block traffic to/from the printer IP and the 200.0 subnet.
2. Do you have two different DCs for those subnets?  If so, you could assign the network printer based on the logon DC (i.e. which is tied to a specific subnet).  AD Sites and Services would have to be set up correctly.
3. Put this code in a bat file and then put it in your \startup folder:  Gimme a sec to write it, I assume that your firewall is usable as a filter.
0
 
cbmm Commented:
Are they VLANs?
0
 
EnjoyNet (Author) Commented:
Thank you for your prompt reply.
1. This is a special case and I don't want to block using the router.
2. Yes, actually they are in different domains. So when I go to subnet 192.168.200.0, I still log on to the domain (or cached logon) for subnet 192.168.1.0.
3. I prefer to use this option if you can write a script to solve this unusual case.

Thanks
0

 
EnjoyNet (Author) Commented:
They are not a VLAN; they are two subnets with a VPN tunnel.  Thanks
0
 
Lee_YCP Commented:
Is there a router between the two subnets or some type of NAT/firewall?
0
 
Lee_YCP Commented:
Never mind on the NAT/firewall question.
Place this code inside a .bat or .cmd file and place it in your startup folder.

@echo off
sc query MpsSvc | find /I "RUNNING" >nul || echo Firewall service not running. && goto :EOF

netsh advfirewall firewall show rule name=all | find /I "192.168.1.10_Printer_Rule" >nul && goto skip_add
netsh advfirewall firewall add rule name="192.168.1.10_Printer_Rule" remoteip=192.168.1.10 dir=out protocol=any action=block enable=yes 

:skip_add
REM Block traffic to 192.168.1.10 if host is on 192.168.200.0/24 subnet
ipconfig /all | find /I "192.168.200." >nul && netsh advfirewall firewall set rule name="192.168.1.10_Printer_Rule" new action=block
REM Allow traffic to 192.168.1.10 if host is on any other /24 subnet
ipconfig /all | find /I "192.168.200." >nul || netsh advfirewall firewall set rule name="192.168.1.10_Printer_Rule" new action=allow


0
 
EnjoyNet (Author) Commented:
Thank you for the code.

Could you please explain briefly about the first three lines, below the @Echo line?

If I put this .bat file into the Start folder, does it only take effect when the PC is rebooted?

If I have another printer whose IP is 192.168.1.11, how do we modify the code?

Sorry, I am not a programmer so I really need your instruction.

Thanks
0
 
Lee_YCP Commented:
Line 1 tells it not to echo the commands to the screen.
Line 2 checks to see if the firewall is actually running.  If not, the script ends.
Line 4 checks to see if the firewall rule exists.  If it does, it skips to line 7.
Line 5 creates the firewall rule for the printer or whatever is located at IP 192.168.1.10.
Line 6
Line 7 is a "GOTO" label used by line 4.
Line 8 is a comment that explains the next line.
Line 9 checks your IP address and if your IP address is in the 200.0/24 subnet, it blocks communication with the 192.168.1.10 printer by enabling the rule created in line 5.
Line 10 is a comment that explains the next line.
Line 11 checks your IP address and if your IP address is anything not in the 200.0/24 subnet, it unblocks communication with the 192.168.1.10 printer.  This is a catch-all so that it is only unblocked once you move from a 200.0/24 subnet to anything else.
0
 
Lee_YCP Commented:
Well, based on the way I wrote the script, do a find/replace and give the document a new name.  Then place that document in the startup folder like you did the other one.

So, if the new printer is located at 192.168.1.11:
1.  Replace "192.168.1.10" with "192.168.1.11" in the document
2.  Save it with a new name (the file still needs to end in .bat or .cmd)
3.  Add that file to the startup folder.

0
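An added example, not code from the thread or its participants: one script that applies the same approach to both printers mentioned above (192.168.1.10 and 192.168.1.11) instead of one copied file per printer, and that decides the subnet from the PC's own IPv4 address line only. It assumes an English-language Windows 7 `ipconfig` (the "IPv4 Address" label) and an elevated prompt; the variable names PRINTERS, BLOCKED_PREFIX, ACTION and RULE are illustrative.

```batch
@echo off
setlocal
REM Added example, not from the thread. Run elevated: netsh advfirewall
REM changes need administrator rights. netsh advfirewall exists on Windows
REM Vista and 7 and later, not on XP.
REM PRINTERS, BLOCKED_PREFIX, ACTION and RULE are illustrative names.
set "PRINTERS=192.168.1.10 192.168.1.11"
set "BLOCKED_PREFIX=192.168.200."

sc query MpsSvc | find /I "RUNNING" >nul
if errorlevel 1 (
    echo Firewall service not running.
    goto :EOF
)

REM Decide once: block only if one of this PC's own IPv4 addresses starts
REM with the prefix. Filtering on the IPv4 Address line first avoids false
REM hits on a DNS server, DHCP server or gateway address in that subnet.
set "ACTION=allow"
ipconfig | findstr /L /C:"IPv4 Address" | findstr /L /C:"%BLOCKED_PREFIX%" >nul && set "ACTION=block"

REM Apply the decision to every printer in the list.
for %%P in (%PRINTERS%) do call :apply_rule %%P
goto :EOF

:apply_rule
REM First argument is the printer IP. Rule naming follows the thread.
set "RULE=%~1_Printer_Rule"
netsh advfirewall firewall show rule name=all | find /I "%RULE%" >nul
if errorlevel 1 (
    REM Rule does not exist yet: create it with the current decision.
    netsh advfirewall firewall add rule name="%RULE%" remoteip=%~1 dir=out protocol=any action=%ACTION% enable=yes >nul
) else (
    REM Rule exists: switch it between block and allow.
    netsh advfirewall firewall set rule name="%RULE%" new action=%ACTION% >nul
)
echo %~1: outbound traffic set to %ACTION%
goto :EOF
```

Because the rule changes need administrator rights, a copy in the Startup folder only works for a session that is already elevated; a logon-triggered scheduled task set to run with highest privileges is one way to meet that requirement.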
 
Lee_YCP Commented:
Sorry, I missed your other question.  Well, it does not occur "every time you boot".  It occurs every time you "login"; meaning if you log off and back on, then it will run again.  You can also execute it anytime you want by navigating to "Start" \ "All Programs" \ "Startup" and executing the file from there.
0
 
EnjoyNet (Author) Commented:
Hi Lee,

Please give me a couple of days to test it out.  I may close the case first, but if I run into issues, how can I contact you for help?

Thanks

EnjoyNet
0
 
EnjoyNet (Author) Commented:
Hi Lee,

Does your code work for both XP and W7?

Thanks

Enjoynet
0
