Blocking all internet but not email?

D

dazmower

Member
Joined
Nov 5, 2007
Messages
27
Reaction score
0
Howsit guys,

I need a good way to block all internet traffic but to enable email.

Not all PC's, just certain.

I'd guess the best option would be to do it on the ADSL router, block port 80 for IP range between ..., I am strugglinh to do so on my routers.

just bought a planet ADE-3400 and I have a EDIMAX something.

All users will be on XP Pro, SP2 or SP3,

I used to do it via MMC, inserting policies etc but I see this doesn't really work so well anymore.
Currently I have blocked everything with a fake DNS server address but this is easy to get around.

I can create user accounts with passwords and do something like these sites say:

http://www.christianblog.com/blog/a...access-in-windows-for-specific-user-accounts/
http://community.spiceworks.com/how_to/show/1440

but will a dummy DNS or Proxy address allow email?

So options:
1) Router which I am struggling with
2) User - then change access - but how and what? I even don't mind deleting IE and not letting them install anything?
3) or both as I wouldn't mind keeping games and anything private from being installed on the PC's

While I'm doing this, any way to disable USB keys but not USB printers? sick of viruses!!!

One of our guys is pretty good with PC's so I must be a little smart

cheers
 
Firstly what OS are you using?

EDIT: PS, I'm actually interested in the response as I need to do the same for my daughters new laptop latter this year.
 
You need to identify which ports your email server/client are using.

You can start with
POP3 - port 110
IMAP - port 143
SMTP - port 25
HTTP - port 80
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995
 
Have a look a Smoothwall Express. Can do exactly what you want ..... and more.

One of my clients has it configured that all websites are blocked, except for sites he needs for his business to function, with 1 workstation (his) to have no restrictions.
Staff productivity has improved as less time is wasted on "research".

If you are in Cape Town, PM me your details and I can arrange a demo of the product for you.
 
close all outgoing ports on the firewall except POP3 - port 110. IMAP - port 143. SMTP - port 25

these are the mail ports.

then lock them out of admin account.

although its technically possible to proxy http traffic over these ports, i doubt they are that level.
 
stricken said:
close all outgoing ports on the firewall except POP3 - port 110. IMAP - port 143. SMTP - port 25

these are the mail ports.

then lock them out of admin account.

although its technically possible to proxy http traffic over these ports, i doubt they are that level.
Click to expand...

Is there an Microsoft application (Trusted) that can open/close the other ports with a password? I live in the LINUX world and can easily write a script for this but Windows7 is a new domain for me. Wonder if its possible with Powershell.

(Sorry, not trying to hijack this thread but just asking questions that might also be of value to OP)
 
All PC's are running XP Pro,

there are only about 10PC's, only 4 will have complete internet freedom, the others absolutely no internet at all so I'm not too phased by controlling certain sites etc.

mmm I'm actually liking the idea of user accounts and and blocking their rights, this way I can remove all the standard games and keep them from stuffing around.

We are placing some pc's in the factory and places where the guys will have nobody watching them.

So firewall option sounds good, is there any other way I can block these ports (basically only port 80).

I'm trying to stay away from having a dedicated PC simply for this cause.
this 'gpedit.msc' seems to havesome nice options for rights.

I'm in JHB,

thanks
 
Last edited:
smoothwall looks good as well, I guess I can use an old PC for this task. it will serve as the gateway - giving/denying access as well as increasing security
 
dazmower said:
All PC's are running XP Pro,

there are only about 10PC's, only 4 will have complete internet freedom, the others absolutely no internet at all so I'm not too phased by controlling certain sites etc.

mmm I'm actually liking the idea of user accounts and and blocking their rights, this way I can remove all the standard games and keep them from stuffing around.

We are placing some pc's in the factory and places where the guys will have nobody watching them.

So firewall option sounds good, is there any other way I can block these ports (basically only port 80).

I'm trying to stay away from having a dedicated PC simply for this cause.
this 'gpedit.msc' seems to havesome nice options for rights.

I'm in JHB,

thanks
Click to expand...

Heh, the previous placed I worked at did this, but the PCs had unrestricted internet access. After a week, they had no internet access, due to abuse and virus infections. They even removed the optical drives and USB ports eventually, the abuse was so bad. Even had to restrict the relevant user accounts to have read-only access to the a document server (mine) hard drive, as they kept messing around with the folders and breaking things.

B
 
it's possible to run the firewall (well the ones I know of) on really small PCs. So if you have a functional P4. So if there is an unused one lying around that would be your best bet in the long term.
dazmower said:
All PC's are running XP Pro,

there are only about 10PC's, only 4 will have complete internet freedom, the others absolutely no internet at all so I'm not too phased by controlling certain sites etc.

mmm I'm actually liking the idea of user accounts and and blocking their rights, this way I can remove all the standard games and keep them from stuffing around.

We are placing some pc's in the factory and places where the guys will have nobody watching them.

So firewall option sounds good, is there any other way I can block these ports (basically only port 80).

I'm trying to stay away from having a dedicated PC simply for this cause.
this 'gpedit.msc' seems to havesome nice options for rights.

I'm in JHB,

thanks
Click to expand...
 
Bismuth said:
Heh, the previous placed I worked at did this, but the PCs had unrestricted internet access. After a week, they had no internet access, due to abuse and virus infections. They even removed the optical drives and USB ports eventually, the abuse was so bad. Even had to restrict the relevant user accounts to have read-only access to the a document server (mine) hard drive, as they kept messing around with the folders and breaking things.

B
Click to expand...


well thats exactly that, we gave it to our production manager and within hours was surfing porn so we cut it completely, problem now is we are giving them email,

thanks for all the help so far,

cheers
 
dazmower said:
smoothwall looks good as well, I guess I can use an old PC for this task. it will serve as the gateway - giving/denying access as well as increasing security
Click to expand...

IPCop will do the same (and much much more) if you have a spare pc of just about any specs (could be a P1), and it is free.
 
Ok cool,

I think I will go with a user account without rights, will change network settings, program settings, maybe even remove IE completely together with all the games etc. This should do me fine until I can get another PC going to purely do this for me,

thanks for the replies guys
 
use mmc edit local policy for proxy and add 127.0.0.1 to proxy (if you are using IE)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X