I have a PC that I need to separate from the rest of the network so it can't see the other computers and the other computers can't see it. I still need that PC to have internet access from out network though. Presently we have a Netgear FVS336G Firewall and using a static route I have managed to assign that PC an IP address that is not in the same address range and the internet still works on it but it can still our other computers and connect to them. Any ideas?
can you set the other computers to block any incoming traffic from that IP?
what OS are you running on the PCs?
Windows 7. We're talking about a LOT of computers I would have to go manually block...if I knew how.
dont you just change the subnet on the pc you want to isolate? default gateway remains the same for inet acess.. i think, its been a while.
Quote from: delooch on March 02, 2012, 10:00:29 AMdont you just change the subnet on the pc you want to isolate? default gateway remains the same for inet acess.. i think, its been a while.
That's the way I have it now but that damned computer can still see some of the network computers. It can still see some of the Vista and Windows 7 computers but not all. And of the ones it can see it can log into about half of them but the other half says that it is not available when you try to log in but it's still visible in the network browser. And it can't see the Windows 2000 & 2003 servers or the Macs. Weird.
Think you brought that little gremlin from your home network to work with you. :evil:
DMZ?
Quote from: Farabomb on March 02, 2012, 10:16:13 AMThink you brought that little gremlin from your home network to work with you. :evil:
I don't think so. I've not brought anything to work other than my lunch. The one at home cleared up once I disconnected from my ISP and re-connected.
DMZ? I've thought about that but wouldn't that expose that computer to the internet?
isn't that what you want? I can't read anymore, I've read far too much nonsense and it broke my ability to comprehend.
I want them to be able to access the internet. Not give the internet full access to their computer.
aw com'on Joe, what could possibly happen?
maybe a tiny virus, maybe...
Quote from: david on March 02, 2012, 12:57:18 PMaw com'on Joe, what could possibly happen?
maybe a tiny virus, maybe...
It's for an in-house postal worker. I don't want to piss one of those off. :machinegun:
We have to setup an office for them in the plant. We have to supply the office, PC, printer, net access, etc.
oh, sorry, never knew the seriousness of it...
going postal an' all...
Does turning off file sharing work?
Quote from: t-pat on March 02, 2012, 01:53:24 PMDoes turning off file sharing work?
It would but they could just turn it back on. They have to have admin access to the PC according to their specs.
PM Mr. Burns? :undecided:
Quote from: frailer on March 02, 2012, 02:17:37 PMPM Mr. Burns? :undecided:
That's what I named my BDR!
the only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
Quote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
Quote from: Joe on March 02, 2012, 04:20:27 PMQuote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
What about adding a cheap seperate router and plugging it into another port on your existing solution?
Quote from: Duffy on March 02, 2012, 04:22:38 PMQuote from: Joe on March 02, 2012, 04:20:27 PMQuote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
What about adding a cheap seperate router and plugging it into another port on your existing solution?
I get the same result I've got now. That computer can still see others on the network.
Quote from: Joe on March 02, 2012, 04:23:49 PMQuote from: Duffy on March 02, 2012, 04:22:38 PMQuote from: Joe on March 02, 2012, 04:20:27 PMQuote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
What about adding a cheap seperate router and plugging it into another port on your existing solution?
I get the same result I've got now. That computer can still see others on the network.
What about taking an old server, do not add it to the PDC and only add that box as a member of a new domain.
Quote from: Duffy on March 02, 2012, 04:26:31 PMQuote from: Joe on March 02, 2012, 04:23:49 PMQuote from: Duffy on March 02, 2012, 04:22:38 PMQuote from: Joe on March 02, 2012, 04:20:27 PMQuote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
What about adding a cheap seperate router and plugging it into another port on your existing solution?
I get the same result I've got now. That computer can still see others on the network.
What about taking an old server, do not add it to the PDC and only add that box as a member of a new domain.
How would they have access to the internet?
Quote from: Joe on March 02, 2012, 04:41:52 PMQuote from: Duffy on March 02, 2012, 04:26:31 PMQuote from: Joe on March 02, 2012, 04:23:49 PMQuote from: Duffy on March 02, 2012, 04:22:38 PMQuote from: Joe on March 02, 2012, 04:20:27 PMQuote from: david on March 02, 2012, 03:22:22 PMthe only thing I can find is to do Mac address filtering, which I don't think will help you in this situation.
still looking tho.
I know I can do it if I buy a $4,000 Cisco PIX. The company is balking at that idea though. Go figure... :laugh:
What about adding a cheap seperate router and plugging it into another port on your existing solution?
I get the same result I've got now. That computer can still see others on the network.
What about taking an old server, do not add it to the PDC and only add that box as a member of a new domain.
How would they have access to the internet?
Use Windows Server to route the traffic only to that system, if you do not use a PDC now then you would just set up the sever as a PDC, add only the box you want to be a memeber and use the same gateway info to the router to "zone" the postal box off.