Block Internet Access without affecting LAN services on a LAN

By drew_viii ·
Hi, need some help here and ideas as well! im new here, 1st post as well! :)

10 Workstation, 1 of the 10 workstation has apache tomcat server on it running a web based program.

7 workstations including the server should not have internet access, including p2p programs as well and IM

3 workstations should have full internet access

all 10 should have perfect LAN features, sharing files etc etc... and of course accessing the server

set up currently, a router connected to a modem, a switch connected to the router, all 8 pcs connected on the switch, while 2 on the router ports

ok, generally ive tried mac address filtering with the belkin router, but obviously this blocks all network traffice, hence no LAN then, so it wont work

seconrd i tried, ip client address filter, which states which ip and which port to block, tried that, but they can get over with this by doing automatic ip address acquiring, this will only work if i put static, and i know they can change the static ip to automatic ip, why, cuz router running on DHCP, why DHCP? because it needs wifi access for multiple users during meetings

is there a better way to do this? i couldn't protect my server when it has internet access, and i need to restrict 7 pcs with net access in order not to wast bandwidth with p2p programs, IM and browsing.

im trying to figure out by making 2 LAN with them, but still i cant make it work, i tried to, but its just a normal belkin wireless router, i couldnt manually assign each port for access or with IP address as well, if i have a cisco router i could configure it easily but with this, it has its limits, but i hope there is a way to sort this out with out purchasing another extra router, plz help or simply suggest what can i do in order to have access with LAN but restrict internet access with them? thanks!!!!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

A couple of suggestions

by deity_chooch In reply to Block Internet Access wit ...

You seem to understand what the best solutions would be (separate LANs or VLANs). I'm assuming this Belkin router is also the DHCP server, in which case you wouldn't be able to add statically-assigned DHCP hosts, which would be another solution. Also, you could get another, similar router (instead of shelling out the cash for a Cisco one) and hook it up as a NAT server, with only certain traffic permitted.

Another solution would be to install 2 NICs in any extra computer you have lying around, install a distribution of GNU/Linux on it, and use it as the DHCP server and firewall. You'd be able to add aliases to the internal NIC (allowing multiple LANs) and statically assign DHCP addresses (and discriminate traffic based on this). I have built one myself and it works well, but you'd have to have the equipment and time/expertise to do it.

Collapse -

Just a suggestion

by mwalsh In reply to A couple of suggestions

I dont know if a belkin can do this but why not try blocking the entire lan from accessing the internet and then only allow the 3 machines that you want to have access, that is if you can static address them. I assume since these 3 machines you trust being on the net, that whoever is using them wouldnt be messing around.

Related Discussions

Related Forums