Home Network. Want two machines to not have Internet access

  • Thread starter Thread starter homicanada
  • Start date Start date
H

homicanada

Hi All,

I am trying to setup my network at home with following config but I
need some help:

1- I have two machines (one Media Center and one File Server) that I
don't want to have Internet access on those (so no attack from
outside).But I want other computers in my house access them freely.
2- Other computers at home should have access to Internet and those
two boxes.
3- Also somehow prevent people from hacking to my Internet machines
and access my two No-Internet boxes.

Is it doable? do I need some hardware?


Thanks in advance,

Homer
 
Hi All,

I am trying to setup my network at home with following config but I
need some help:

1- I have two machines (one Media Center and one File Server) that I
don't want to have Internet access on those (so no attack from
outside).But I want other computers in my house access them freely.
2- Other computers at home should have access to Internet and those
two boxes.
3- Also somehow prevent people from hacking to my Internet machines
and access my two No-Internet boxes.

Is it doable? do I need some hardware?


Thanks in advance,

Homer
Click to expand...

Do you use the Media Center machine to watch or record TV? If so, it
needs Internet access to update its program guide.

I'm assuming that you have a broadband router that provides Internet
access to your network.

1. Assign a static IP address and subnet mask to each no-Internet
machine. The IP address should be in the same subnet as the other
computers, but outside the range of addresses assigned by the router's
DHCP server. Don't assign a default gateway or DNS server address
to those machines.

2. Configure the Internet machines to obtain an IP address
automatically. The router's DHCP server will configure them.

3. Your router acts as a firewall, preventing unauthorized access to
you computers from the Internet. Each computer should also have a
firewall program as a second level of protection. Configure the
firewall to allow access by other computers on the local area network.
The Windows Firewall that comes with XP and Vista is fine.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Hi
Option 1. If all the computers run on Win2000, or and Win XP, you can
install NetBEUI on all of them.
Bind NetBEUI to the Sharing, and unbind TCP/IP from the sharing.
http://www.ezlan.net/netbeui.html
Option 2. Many Router have a filter that can selectively block the Routing
(I.e. Connection to the Internet) by MAC or IP address.
If you have such a Router, enter the MAC address of the Media and server
computers.
Jack (MS, MVP-Networking)
 
Perhaps I'm missing something but unless you need to host some services
(e-mail server? Web server?) inside why not just configure your
firewall/NAT box to block ALL inbound traffic? (which it should by
default I believe)

Nobody is going to attack the PC I'm sitting at now from outside because
my router doesn't accept any inbound connections.

The only way it might be vulnerable would be if *I* visited a
compromised site or invited in a Trojan or other malware; which I try to
be careful not to do. And, of course, I use anti-malware software.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q
 
Perhaps I'm missing something but unless you need to host some services
(e-mail server?  Web server?) inside why not just configure your
firewall/NAT box to block ALL inbound traffic?  (which it should by
default I believe)

Nobody is going to attack the PC I'm sitting at now from outside because
my router doesn't accept any inbound connections.

The only way it might be vulnerable would be if *I* visited a
compromised site or invited in a Trojan or other malware; which I try to
be careful not to do.  And, of course, I use anti-malware software.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Towerhttp://www.rolandschorr.comhttp://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:http://tinyurl.com/5m3f5q











- Show quoted text -
Click to expand...

Thanks all for your responses. I will try them and let you know.
Actually I have a son that downloads things off the Internet time to
time so one of my concerns is actually being attacked from inside
(Trojan). But I guess I can’t do much for that side (except running
anti-spy/virus programs. I was actually thinking about buying a Cisco
box (PIX 501?) but it seems there are some easier ways too.
 
Back
Top