Go Back   Computer Forums > General Computing > Networking | DNS
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 07-06-2005, 03:16 AM   #1
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default block some PC on the network

Hi
recently I set up a network which consists of 7 PCs, and I subscribed in the DSL so that some members can run the internet on their own PCs.
My question is the following: is there a way that let me block some PCs so that they can't access the Internet, note that I want them to access the shared files on the network but not the Internet.

Note: I'm using the speedtouch 546 modem. and all the PCs run Windows XP.
__________________

__________________
the_one is offline   Reply With Quote
Old 07-06-2005, 10:29 AM   #2
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

Assuming you're using XP:

One way to remove the ability to browse with IE is to use XP's set program access and defaults utility.

1. Click on the Start button
2. Click on set program access and defaults
3. Select the Custom pull down list
4. Deselect the enable access to this program checkbox for Internet Explorer
5. Click ok

The second way is to add a bogus proxy server to IE's Internet Settings. Follow these steps:

1. In IE, go to Tools>>Internet Options.
2. On the Connections tab, click the LAN Settings button.
3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Enter 0.0.0.0 in the Address text box.
5. Enter 80 in the Port text box, and click OK.

Good luck.
__________________

__________________
CrossCech is offline   Reply With Quote
Old 07-06-2005, 11:00 AM   #3
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default

Thank you alot, I need a way that's more efficient than this. Why? because those members know how to reconfigure these settings , especially that any one on the network can access the net automatically.
__________________
the_one is offline   Reply With Quote
Old 07-06-2005, 12:11 PM   #4
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

Then you will need a server (domain controller) to apply a group policy.

The following explains this:
f you are in charge of a domain controller for a company, you can restrict Internet settings via Group Policy. Follow these steps:

1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.

If this is a network you've installed at a business, spend some money on a network specialist to come out and implement a network.
__________________
CrossCech is offline   Reply With Quote
Old 07-06-2005, 02:13 PM   #5
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

Eenable the Static DCHP

let say you only want 5 selected computers to have internet.. Once loged on, you may see an option to "Clone" or set up static DHCP.. this will bind the router selected IP with the mac address.

Then in the IP range, tell the router to only give out 5 ips. Now only those 5 computers with those Mac address's will have an IP for internet use.
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-06-2005, 04:24 PM   #6
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

learn something new everyday ... I thought mac filtering was for wireless only. Thanks man ... Im going to look into this myself.
__________________
CrossCech is offline   Reply With Quote
Old 07-06-2005, 04:46 PM   #7
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default

I really appreciate your help, but do you know what the problem is ? the other PCs are in different houses,we are neighbors. Since we have a DSL subscribtion, I put some polices (as administrator) and one of them is that the user cannot use a switch and distribute the internet from his house. In case that happens I need a way to prevent unwanted PCs from gaining access to the Internet. I hope that I made it clear

I see that BuzzStPoing's way is more applicable, but I need more clarification, please.
__________________
the_one is offline   Reply With Quote
Old 07-06-2005, 05:36 PM   #8
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

Your neighbors are picking your signal and jumping on?

If you want to block this then enable WEP. you can enter a 64, 128 or 256 bit encrytion to block them from your wireless signal.

Now to help you further, What brand and model number of router do you have.
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-06-2005, 05:42 PM   #9
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default Re: block some PC on the network

Quote:
Originally Posted by BuzzStPoint

Now to help you further, What brand and model number of router do you have.
I mentioned that previously:
it is speedtouch 546 ,and it's not wireless

thanx
__________________
the_one is offline   Reply With Quote
Old 07-06-2005, 05:50 PM   #10
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

You're a little confusing on what you're asking. You want the 7 pc's to have internet, but no one else? If so, then the way to go is mac filtering. Your first post made it seem like this was all in one building, no wireless involved, and you wanted 4-5 pc to have internet but the other 2-3 not to.

In order to use mac filtering you will need to access each pc and write down each pc's mac address of the wireless connection adapter. To do this: go to Start>Run>type cmd>enter>type ipconfig /all. Locate wireless connection and find physical address. It will be something similar to 00:4B:3C:46:10:BB or the like.

After you have all the mac addresses of each pc, access your router and find where it allows you to input mac addresses for mac filtering, then enable mac filtering.
__________________
CrossCech is offline   Reply With Quote
Old 07-06-2005, 05:52 PM   #11
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

Ok. my next Q is whay would you want to run cable between houses? That length of cable can cause slowness and loss of packets.

Anyways.. I can't find any online manuals for your router/modem. But there should be an IP filter/firewall..
All you need to do is assign Ip address per mac address for each computer. then in the Filter/firewall of the router you can deny port 80 with is internet.
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-06-2005, 05:59 PM   #12
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

BuzzStPoint,

Would the_one need to turn off DHCP in order to implement ip filtering?

the_one,

Make sure you configure each pc with a static ip address (manually input) within the range you specify.
__________________
CrossCech is offline   Reply With Quote
Old 07-06-2005, 06:58 PM   #13
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

Cross..

Nope.. The IP filtering would be in the Firewall settings area.. But of course you can though. but that you have to specify an IP address in the tcp/ip settings of each computer.
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-07-2005, 01:29 AM   #14
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default

OK, I failed to do so
__________________
the_one is offline   Reply With Quote
Old 07-07-2005, 10:02 AM   #15
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

well ... I guess Im a little confused on the point of assigning mac address per ip address. If your router issues DHCP and even limit the ip address range to 5 users, don't you run the risk of dhcp assigning ip address of pc #1 to pc# 2 the next time it requests an address at the end of the leasing period? Or does ip filtering "pool" the 5 ip addresses in the range for the "pool" of mac address and not care which goes to which machine at any given time?
__________________
CrossCech is offline   Reply With Quote
Old 07-07-2005, 11:06 AM   #16
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default

Cross..

Your on the right track.. by limiting your ip range..
If your router is capable of "Static DHCP" then you will be able to bind the mac address of that network card to that IP address..

Heres how you would allow the 7 computers on the network and only 5 get internet.
Ip range set 192.168.0.100 - 192.168.0.106

Computer 1
00-00-86-5D-D5-56 - 192.168.0.100
computer 2
00-00-86-5D-D5-57 - 192.168.0.101
Computer 3
00-00-86-5D-D5-58 - 192.168.0.102
Computer 4
00-00-86-5D-D5-59 - 192.168.0.103
Computer 5
00-00-86-5D-D5-60 - 192.168.0.104
Computer 6
00-00-86-5D-D5-61 - 192.168.0.105
Cpmputer 7
00-00-86-5D-D5-62 - 192.168.0.106

Now that you assigned each mac address an IP, at the end of the lease period it will reassign the same IP to that Mac.

When Computer 2 turns off and computer 6 turn on .. The router wont issue #2's IP because the mac address is different.

Now you would enter your Firewall setting in the router.
Create 4 rules
IP 192.168.0.105 "Deny" port 80
IP 192.168.0.105 "Deny" port 443
IP 192.268.0.106 "Deny" port 80
IP 192.168.0.106 "Deny" port 443

Computer 5 & 6 are now both on the network able to share files, but on get on the internet.
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-07-2005, 04:31 PM   #17
Daemon Poster
 
Join Date: Mar 2005
Posts: 825
Default Re: block some PC on the network

Think Im going have to take a better look at this idea. Can this concept work then to "deny" the remaining ip's in the class c range 192.168.x.x access to the network and internet ... essentially blocking potential intruders? Or is this still hackable? I realize I can limit how many static addresses the router can issue / work with, but ... any additional ways to block out thieves is always a plus.
__________________
CrossCech is offline   Reply With Quote
Old 07-07-2005, 04:45 PM   #18
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

hacking from where? within your own network of from the outside?

From the outside you close your ports you dont need.
As for banning from a partial IP.. yes.. some routers have you set it differently...

Like: 192.168.000.000 or 192.168.*.*

If your worried about people on the network hacking to get into the router and changing the ports so they can get around, then you may have an issue.. For this I would recommend:
Expensive way.
Buy yourself a Gateway. (stronger then a router)
Buy yourself a switch.

connect the switch to the router, The switch will issue automatic IPs itself. You now only have to worry about 1 ip in the router from the switch.
You then would only have the computers on the network connecting to the swtich, all other internet users would connect to the router.

Edit..
but your worried about the router issueing more ip?
if you tell your router to only issue 192.168.0.100 thru 192.168.0.106 then thats all the router will assign.. no one will be able to have 192.168.0.107
__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Old 07-07-2005, 05:15 PM   #19
Solid State Member
 
Join Date: Jul 2005
Posts: 13
Default

Thank you BuzzSPoint,
I'm working on it now, wish me luck
__________________
the_one is offline   Reply With Quote
Old 07-07-2005, 05:33 PM   #20
Daemon Poster
 
Join Date: Jun 2005
Location: US
Posts: 676
Default Re: block some PC on the network

Good luck the_one..

if you need help comon back.
__________________

__________________
"The Crazy American says.."
A well regulated Militia, being necessary to the security of a free State,
the right of the people to keep and bear Arms, shall not be infringed.
BuzzStPoint is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 12:13 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
×