disable a compute connect the internat

[Dennis Lei]

some computers connet the internat with a server ,the server use the nat to
help the computes connet the internat .How can I disable a computer connet
the internat?

 

[Herb Martin]

Your question is unclear, but if you mean you do not wish
some machine to connect to the Internet through the NAT,
then give it a different "default gateway" (and don't allow
it to know about any other routers can can reach the internet.)

If the NAT is a DHCP server giving these machines dynamic
addresses, you may have to assign the addresses manually
to avoid it as the default gateway BUT....

Note: In the IP properties of the NIC, even though you choose
automatic addressing you CAN put in an IP address for the
default gateway -- this is normally a BAD IDEA but in your
case this is precisely what you want to "mess up" so that they
cannot reach the Internet. (Put in an unassigned address; something
you know will never work.)

 

[Atacan Conduroglu]

If you want to control which addresses your NAT clients, machines connected
to private network side of your Network Address Translator, can access, in
case they have a static address, you can also use a Firewall on your NAT
box.

Lets say you don't want your NAT client, 198.162.1.15, to connect
64.236.16.20. Add on your NAT box, on your private network card, a packet
filter to avoid this traffic.

P.S: On windows 2003 server, you can use the interface packet filters in
rrasmgmt.msc under the Routing\General\
InterfaceName.

 

[Herb Martin]

P.S: On windows 2003 server, you can use the interface packet filters in

rrasmgmt.msc under the Routing\General\
InterfaceName.

RIGHT.

You can also use the more flexible IPSec filters on Win2000/Win2003.

Note: I am NOT referring to enabling the actual IPSec but rather the
fact that IPSec filters have 3 basic actions: Pass, Drop, Negotiate IPSec.

Pass and Drop can work even if you never negotiate any IPSec.