[SGVLUG] Preventing certain Machines from Internet

Claude Felizardo cafelizardo at gmail.com
Mon Nov 5 17:23:16 PST 2007


On Nov 5, 2007 4:55 PM, Arthur Baldwin <eengnerd at yahoo.com> wrote:
>
> I was wondering if anyone knows of an existing project where the following
> can be acheived:
>
> List of hardware:
>
> two 8 port hubs
> one fairly new IBM compatible PC with two NICs (acting as filter)
> one DSL Modem and connection
> 8 IBM compatible workstations
>
> Notes:  From one of the workstations, be able to limit the access on any
> number of the 8 workstations so that Internet access would be completely
> excluded.  All this without affecting the browse-ability of other
> workstations on the LAN (with File sharing and Printer sharing).  The
> machine names and IP Addresses would be known.
>
> I think that this type of software would fill a very common need in very
> small businesses (less than 10 employees).
>
> Any ideas?
>
> Arthur

You might want to look at the features on some of the better currently
available SOHO routers.  IIRC, when I was setting up the routers for
friends and relatives, there were options to restrict access based on
time of day.  I didn't look at it in detail but I wouldn't be
surprised if they can do just what you are looking for so you might
not even need the extra PC.  How easily do you need to be able switch
things? One way might be to set up a rule to allow Internet access for
pc's within a certain range of static IPs and then block those with
dynamic IP's.

Or what about setting the gateway address for each PC to something non
existent?  Then specify valid gateway when you want outside access.
Will file sharing and printing still work when the gateway is bogus?

claude


More information about the SGVLUG mailing list