Deny Internet Access and Allow Intranet Access
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Deny Internet Access and Allow Intranet Access

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    17

    Deny Internet Access and Allow Intranet Access

    Hello everyone,

    WHat would be the best way to Deny Internet access and allow intranet access. I need to do this on just one machine, so i dont want to mess with the servers. I would just unplug his Cat cable, but he needs to browse the intranet for information. Any help would be appreciated...

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Really depends on your network setup (topology).

    On many networks you can remove the default gateway which usually hits the Internet.
    You can also use ACL's on firewalls or routers to prevent this as well.

    Can you post your topology for us to analyze?

  3. #3
    Member
    Join Date
    Sep 2001
    Posts
    31
    well...if you'r using a prxoxy...you can disable it in the registry.....dont remember the exact key..but u can use something like registrymecahnica..or somethi like taht...so it can only view local addresses.....
    we work in the dark - we give what we have - we do what what we can - our doubt`s our passion - our passion our task - the rest....- is the madness of art.

  4. #4
    Junior Member
    Join Date
    Jul 2004
    Posts
    17
    This is the topology, i work for a large healthcare company. So we are spread out on a windows 2000 network, split off by about a 100 domains within the company. I tried already just taking off the gateway, but im not able to travel through the intranet. What we just realized is that the intranet address is somewhere up north(Northern cali) on a different domain, would this be one of the reasons why we just cant shut down the internet access? Because i also tried to check on "Lan Settings" and install a fake proxy server, to block off most access except for the Intranet. And we also are not able to mess with the ACL on a firewall or a router, because we do not have control and the person who does is away in a day long meeting! Humm i know i can just mess with the HOsts file, but thats gonna take me a while, and i dont really feel like messing with it. BUt like before thanks for all the HELP and thanks for reading...

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    go the the internet fw (or internet router) and add a rule to drop all packets that come from that station.... and its done.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    Junior Member
    Join Date
    Jul 2004
    Posts
    17
    I was thinking of that, im gonna get one of my team members to try that out. Is there any way we can just do it straight from the client? So we wont mess with the servers, firewalls, or routers. I thought there might be a way to do it, but it does seem we will have to shut him off that way. It sucks we dont have an Active Directory, it would of made this a lot easier...

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    arisecanfly if its just for this one user and they wont allow you to break his fingers messing with the hosts file isnt such a bad idea. if you give him bogus dns servers and include in the hosts file just the addresses you want that computer to get to that would do the trick. how many servers does he need access too?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Junior Member
    Join Date
    Jul 2004
    Posts
    17
    He needs to access about 7 different Intranet Servers, And i think thats what i will have to do is just mess with hosts file. Ok i have to start looking for addresses right now. Thanks guys for everything, and if you guys think of other solutions im always surfing the posts....

  9. #9
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    hum you can create a route to internet (static one) to nowhere. when station try to contact proxy for example, he will be sent to void. and timeout. that you can do at station.
    If station is windows xp, start it up and block proxy address.
    or put in tcp/ip filter list.
    but if user has admin priviledges, he can revert is easily....
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  10. #10
    Junior Member
    Join Date
    Jul 2004
    Posts
    17
    I just wanted to thank everyone for their replies and for their help. Results: We installed a Host file blocking off every possible Web portal we can think of, and we also got into his favoriites and blocked all of those. The funny thing is that 3 hours after we finished, they decided to "Consult and train" Him on how to cut down on his surfing! hahahah i guess thats the way the cookie IT crumbles. Again thanks a lot everyone...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •