sysnimda
asked on
How to restrict a PC to only a subnet and internet access from host file?
Hello,
I am trying to figure out a way to change a static route on a machine's host file. I appreciate your help.
Thank you!
Not sure what you mean by static route but if you want to restrict the PC's Internet access to only the entries in the hosts file, you could remove the DNS server address from the IP properties. This would cause issues if the PC is domain-joined though as DNS is used to locate a domain controller.
Routing and hosts file are not related.
Can you be more clear about what you want to accomplish? Is the subnet you want to access local to the device, or remote?
Are there subnets in the environment? If there are, putting the device into its own subnet and then applying controls at the network layer (L3 switch, router, or firewall) could be more appropriate, but I don't know what you're trying to accomplish.
ASKER
I apologize, I mean a system's routing table/policy. Can I add a static route on a system to accomplish this?
Possibly. For example, if you were at 10.0.0.10/24, and you want to allow traffic to 10.0.0.0/24 and 192.168.10.0/24, block all other private networks, but allow internet access, you can do that by putting in invalid static routes.
route add -p 192.168.10.0 mask 255.255.255.0 10.0.0.1
route add -p 192.168.0.0 mask 255.255.0.0 127.0.0.1
route add -p 172.16.0.0 mask 255.240.0.0 127.0.0.1
route add -p 10.0.0.0 mask 255.0.0.0 127.0.0.1
route add -p 0.0.0.0 mask 0.0.0.0 10.0.0.1
...but I would rather control traffic via a network device than trust that the machine is properly configured. An administrator could also change the routing on the machine.
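An added example, not part of the original answer: a small Python model of the routing table that results from the commands above, using longest-prefix match to show which destinations stay local, which are forwarded to the gateway, and which are blackholed. The on-link 10.0.0.0/24 entry and the treatment of a 127.0.0.1 next hop as "dropped" are assumptions taken from the answer's scenario; the function names are hypothetical.

```python
import ipaddress

# Table built from the answer's route commands, as (destination, next hop).
# Assumption: the on-link /24 exists automatically for a host at 10.0.0.10/24.
ROUTES = [
    ("10.0.0.0/24", "on-link"),
    ("192.168.10.0/24", "10.0.0.1"),
    ("192.168.0.0/16", "127.0.0.1"),
    ("172.16.0.0/12", "127.0.0.1"),
    ("10.0.0.0/8", "127.0.0.1"),
    ("0.0.0.0/0", "10.0.0.1"),
]

def lookup(dest, routes=ROUTES):
    """Return (prefix, next_hop) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else (str(best[0]), best[1])

def verdict(dest, routes=ROUTES):
    """Classify a destination as 'local', 'forwarded' or 'blackholed'."""
    match = lookup(dest, routes)
    if match is None:
        return "no route"
    hop = match[1]
    if hop == "on-link":
        return "local"
    # Assumption: a loopback next hop is the answer's deliberate "invalid" route.
    return "blackholed" if ipaddress.ip_address(hop).is_loopback else "forwarded"

def uncovered_private(routes=ROUTES):
    """List RFC 1918 blocks with no route of their own (they fall to the default)."""
    nets = [ipaddress.ip_network(p) for p, _ in routes]
    rfc1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    return [b for b in rfc1918 if ipaddress.ip_network(b) not in nets]

if __name__ == "__main__":
    # Constructed sample destinations, one per case in the answer.
    for d in ["10.0.0.55", "192.168.10.7", "192.168.1.20", "172.20.1.1", "10.9.9.9", "8.8.8.8"]:
        print(f"{d:15} {verdict(d):11} via {lookup(d)}")
```

Passing a table with one blackhole entry missing to `verdict` and `uncovered_private` shows the failure mode: that private range silently follows the default route to the gateway.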
ASKER
Let's say my IP is 192.168.2.2 and my gateway is 192.168.1.1, and I want to ONLY allow access to 192.168.48.0/22 and ONLY internet as well. How would that look? THANK YOU SO MUCH!
ASKER CERTIFIED SOLUTION
ASKER
Thank you so much Kevinhsieh!