Abraham Deutsch
asked on
Router with internet blocked except of 2
Have a environment where I want to restrict internet to all computers except of 2.
Looking for a router that instead of blocking the once I want to restrict I should be able to block all and allow the the few I want to allow (a ip range)
Not a big network no fancy router simple
it's about 25 devices all have a static ip configured on the device
Looking for a router that instead of blocking the once I want to restrict I should be able to block all and allow the the few I want to allow (a ip range)
Not a big network no fancy router simple
it's about 25 devices all have a static ip configured on the device
Jane Updegraff
does the router have a basic firewall feature? if so, see what the firewall offers. You might post the model of the router for more specific instructions. But for any firewall you'll still have to block all / all on the default rule and allow the two IPs (or an IP range) for internet ports (lets say 80 and 443) on a higher priority rule - meaning a rule that is applied earlier in the list rules above the block all/all.
If you have absolute control over the network, do MAC address restriction. Get the Ethernet MAC addresses for the two systems which are to be allowed access to the internet and configure the router to allow internet access to only those two MAC addresses.
(If you don't have absolute control over the network or you have ingenious employees this won't work because MAC address spoofing is not hard to do.)
An alternative approach that requires more work is to go to every computer that is not to have internet access and configure the HOSTS file to return all connections to .COM, .NET, .INFO, .BIZ, .MIL, .EDU and .US to 127.0.0.1. This should take care of most common internet sites.
(If you don't have absolute control over the network or you have ingenious employees this won't work because MAC address spoofing is not hard to do.)
An alternative approach that requires more work is to go to every computer that is not to have internet access and configure the HOSTS file to return all connections to .COM, .NET, .INFO, .BIZ, .MIL, .EDU and .US to 127.0.0.1. This should take care of most common internet sites.
Another handy option is to look for a router that has the feature LDAP authentication. This will allow you to put a rule in the firewall that tells it to only allow internet access to specific users or groups. Will be much easier in the future if the users change computers, or you want to change who is allowed internet access.
ASKER
@ Jane Updegraff I do not yet have a router, I am looking to buy one and looking for a recommendation of a model that I will be able to accomplish this
@ Brian B based on what I see on the internet a router with LDAP authentication is expensive I don't need a expensive router and would rather do IP by IP, a router that can block a ip range would be good since all devices are manually configured static IP
@ Brian B based on what I see on the internet a router with LDAP authentication is expensive I don't need a expensive router and would rather do IP by IP, a router that can block a ip range would be good since all devices are manually configured static IP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you
If you had said you wanted a specific model recommendation in the first place, you would have got different answers.