block internet access

D

dd1313

Expert Member
Joined
Jul 23, 2005
Messages
1,552
Reaction score
0
HI

How can I block internet access from a store.We only want them to do
emails but no web access.

I tried changeing port 80 to something else in the router but it seems that the
PC settings overrides the router one

I have a chronos router..

THanks
DD
 
Put in a router and block all ports except SMTP and POP3 (25 and 113, I think) and/or block all ip's except email server(s)
 
Or use your router to direct all the ports you want blocked to a non existent IP?
 
repitah said:
Put in a router and block all ports except SMTP and POP3 (25 and 113, I think) and/or block all ip's except email server(s)
Click to expand...

HI

I cannot do that on this router.Seems like very old firmware

DD
 
If the router has a firewall you could just block the outgoing traffic on port 80.

Cause i know on my Billion i can block incoming and outgoing traffic on port 80 and then my mail still works....
 
Snormossel said:
If the router has a firewall you could just block the outgoing traffic on port 80.

Cause i know on my Billion i can block incoming and outgoing traffic on port 80 and then my mail still works....
Click to expand...

Thanks for that, my router has no firewall..

DD
 
edit the host file perhaps ? and block everything..

Or flush the dns and then set it to non-existant ones but put the ip addy of the smtp and pop3 email in :p [well till someone figures it out]
 
Well what you could do, is give the router an incorrect DNS entry. Then give the PCs themselves just the IP addresses of the mail servers. You could of course just setup an internal mail server on a PC and ONLY that PC has Internet access.
 
krycor said:
edit the host file perhaps ? and block everything..

Or flush the dns and then set it to non-existant ones but put the ip addy of the smtp and pop3 email in :p [well till someone figures it out]
Click to expand...
Editing the hosts file - good idea. :)
 
Managing one hosts file is fine and dandy, but managing a couple of hosts file will turn into a nightmare - especially as the users discover that the hosts file can be modified...

Suggestion is to buy a newer router with managed firewall, or install a linux firewall distro to control access.
 
Just stick a software based firewall between the router and the Internet connection and firewall their asses. IPCop or Smoothwall would do the job nicely, is easy to admin via a web browser, will run just fine on an old Pentium I or II and will cost you very little to set up.

If you have an old PC lying around you'd probably only need 2 network cards.
1 for the internal network (green interface)
1 for Internet side (red interface)

With regards to the other suggestions :
1. Blocking port 80 won't work - people will find public proxies on other ports like 1080, 3128, etc.

2. Blocking DNS lookups won't work. People can still use the IPs if they want to access sites. I was able to surf on such a system - I just needed the IP for a DNS lookup site and then I could lookup the IP address for any site I wanted to browse.
 
^^^ what he said


Also, you'll be able to monitor bandwidth usage per workstation with Smoothwall (probably also with IPCop) so you'll be able to see who's sucking up bandwidth and who isn't...
 
You might also want to check out a program called M0n0wall. It can be found here

Also, if you want a separate free proxy then check out Censornet, found hereThis is a dead easy proxy to set up and you can control users by MAC address plus limit their bandwidth etc. I think that IPCOP and Smoothwall will do the same, but I don't know those to products that well.

Cheers
G
 
Smoothwall v3 "Degu" is in Beta phase, and it looks good so far.

You have the ability to add portshaping rules to the firewall so as to give priority to certain protocols whilst throttling others.

You can also plump for M$ ISA Server, but that'll cost you a pretty penny, whilst the Linux alternatives is free, and (in some cases) can run on a PII with 64Mb RAM... :D
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X