Hi all,
I know this is apparently a trivial question but in practice (and in particular for a networking moron or almost so) it can be a real headache...
I want to COMPLETELY isolate one or more PCs in my LAN from Internet access. I mean, they must be allowed to access and be accessed by other PCs or resources in the LAN, but they must be completely forbidden to "go outside" or to receive any packets from outside - as though there were not any internet connetion at all from their viewpoint. I don't just want to block some ports or protocols, but ANY Internet activity.
The PC(s) I want to block have a fixed IP of course (no DHCP).
My router is a professional one, a brand new BinTec Elmeg which can be configured extensively but I'm not a networking engineer and I only have some bare knowledge of Internet protocols.
Which is, in your opinion, the easiest solution to achieve that without going mad ?
My router has not any "easy" (read: quick, shortcut) options to achieve this goal as my previous router (an Atlantis Land) had instead.
The manual is for super experts only of course and carries no examples.
In your opinion, should I first try to configure the Firewall to achieve this goal ? Or is it better to try somewhere else, maybe with the NAT ?
Oh, if possible, I would like a way to achieve that by just specifying the IP address of the machine(s) blocked rather than their MAC address (if possible, otherwise it's ok even the MAC address).
I trust in your help (or even just some useful hints) for such a simple problem but which for me is very hard !!
Also, I'd like to do this "the best way", i.e by properly configuring my router, and not the "poor man's solution" eg. by giving the blocked PCs a fake gateway address (which in addition can be changed by an expert user !!)
Please, before I shall pay for a network expert to come here and help me... ! !!
I know this is apparently a trivial question but in practice (and in particular for a networking moron or almost so) it can be a real headache...
I want to COMPLETELY isolate one or more PCs in my LAN from Internet access. I mean, they must be allowed to access and be accessed by other PCs or resources in the LAN, but they must be completely forbidden to "go outside" or to receive any packets from outside - as though there were not any internet connetion at all from their viewpoint. I don't just want to block some ports or protocols, but ANY Internet activity.
The PC(s) I want to block have a fixed IP of course (no DHCP).
My router is a professional one, a brand new BinTec Elmeg which can be configured extensively but I'm not a networking engineer and I only have some bare knowledge of Internet protocols.
Which is, in your opinion, the easiest solution to achieve that without going mad ?
My router has not any "easy" (read: quick, shortcut) options to achieve this goal as my previous router (an Atlantis Land) had instead.
The manual is for super experts only of course and carries no examples.
In your opinion, should I first try to configure the Firewall to achieve this goal ? Or is it better to try somewhere else, maybe with the NAT ?
Oh, if possible, I would like a way to achieve that by just specifying the IP address of the machine(s) blocked rather than their MAC address (if possible, otherwise it's ok even the MAC address).
I trust in your help (or even just some useful hints) for such a simple problem but which for me is very hard !!
Also, I'd like to do this "the best way", i.e by properly configuring my router, and not the "poor man's solution" eg. by giving the blocked PCs a fake gateway address (which in addition can be changed by an expert user !!)
Please, before I shall pay for a network expert to come here and help me... ! !!