Block Internet Access in A LAN

  • Thread starter Thread starter Edwin Loo
  • Start date Start date
E

Edwin Loo

Hi,

My company has a server hosting a web software wrote in
MS Access and we need to activate IE to access to the
software.

However, I do not want some of the users to access the
internet. All users are with, DNS, gateways and WINS in.

Is there anyway that I can block the users for internet
access and yet can still access to out own internal server

Pls advise urgently.

Thank you very much

Edwin Loo
 
The best way to do this is with a full featured proxy server like MS ISA
server.

However, you can deny Internet access on a per machine basis by not
configuring a default gateway on the computer or by configuring a fake one.

If a computer has no default gateway to the Internet, you can still use
static routes to give it access to specific Internet resources:

route -p add <IPaddressofallowedSite> MASK 255.255.255.255
<IPaddressofGateway>

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Thank you very much.

Does it mean that if i do not put in the gateway
then the user will not be able to access the internet.

But the user need to retrieve their email and I did have
the the DNS input to their system. Can they still
retrieve email without the gateway?

How can I gave them the access to email and yet block
them from internet access. They must also be also to
access my internal sever with the server IP.

Pls advise what can I do. I do not have the budget on
a MS proxy server.

Edwin Loo
 
If the machine has no default gateway, the machine will not have Internet
access. Access to the internal web server does not require a default
gatewy - although it may require a static route if there are routers on the
internal network. Access to an external mail server can be configured with
a static route to a specific IP address per my first post - just use the
255.255.255.255 mask and the IP address of the 'default' gateway. DNS is a
name resolution mechanism; it has nothing directly to do with Internet
access. You can configure a static route to the IP address of an external
DNS server if necessary. Giving a machine static routes to specific IP
addresses or networks does not give it general Internet access - you need a
default gateway for that.

Also, you can use login scripts to change the default gateway when certain
users logon. However, the change will be permanent until changed again -
perhaps by another login script. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;257748

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Internet access in a LAN 2
Blocking internet sharing 3
Enabling internet on 2 computers (Client - Server) 1
Unable to access internet thru LAN 7
lan / internet problem 6
XP LAN WIRELESS BRIDGE IIS 4
Unable to Access Internet in Normal Mode 1
Internet not accessable from one desktop, but lan works fine. 1

Back
Top