Denying Internet Access while allowing gateway to be present

[Guest]

First off, the topography. I have two facilities on different subnets which requires me to have the gateway present to allow the networks to talk to each other. I have some users who require full internet & intranet access, but others that do not need access to the internet, just the intranet.

Is there a way that I can completely disable internet access on certain machines (most are Win2000, but a few are Win98) but still allow them access to the other subnet via the gateway? I'd like to do something at the hardware level as opposed to having to install a proxy or firewall application to accomplish this, if at all possible.

TiA!
-Roger Anthony
(e-mail address removed)

 

[Doug Sherman [MVP]]

Yes. On the machines which you do not want to access the internet:

1. configure a static route:

route -p add <network address of other subnet - eg. 192.168.1.0> MASK<subnet
mask of other subnet> <IP address of gateway>

2. Do NOT configure a default gateway for these machines - if you use DHCP
with scope options, you will have to switch these machines to a static
configuration.

This will work even if you connect to the other subnet by VPN - simply use
the public IP and mask for the VPN server on the other network in your
static route.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

First off, the topography. I have two facilities on different subnets

which requires me to have the gateway present to allow the networks to talk
to each other. I have some users who require full internet & intranet
access, but others that do not need access to the internet, just the
intranet.

Is there a way that I can completely disable internet access on certain

machines (most are Win2000, but a few are Win98) but still allow them access
to the other subnet via the gateway? I'd like to do something at the
hardware level as opposed to having to install a proxy or firewall
application to accomplish this, if at all possible.