How can I restrict internet on my home network?

[Darkchyld]

I have a network set up in my home consisting of 7 machines. 6 are wired ethernet and one wireless. I only want three, two wired and the wireless, to have access to the internet. I've used static IP addressing and have done that but now the other computers didn't "see" each other. When I set them for static addressing they can access the net. Is there a way to set things up so any computer can see any others? like for gaming and file sharing, but limit net access to only selected machines?
DC

 

[blue68f100]

The easiest way to use the router to map the ip of the machines you want to control. Then you can add a rule and block port 80.

 

[armegeden]

Or

Just use Static IP's on all machines, but do not assign a Gateway on the machines you don't want on the internet.

That way all computers will be able to communicate within the same subnet, but if trying to access a different subnet (ie the internet), only the machines with a Gateway assigned will know how to get there.

 

[sturm]

Double that.
Hopefully the people wont know how to change it back once their blocked.

 

[blue68f100]

I had a frend tried that, but kids were smart enough to figure it out. Using the router to assign and control it. Unless they come up with a utility to change the MAC address there is no way around it. Then if you want to give them access, just deed to add a rule with the times, it can be used.

If they booted off a live CD they just got passed your static ip, but not the router.

 

[Darkchyld]

I want to thank you all. It solved my immediate issue. Now all can access the music and photos and game but only the machines that I want to access the net can. Now lets see how long it takes the kids to figure it out! :lol:

 

[El0him]

The best way to do this is to put up a firewall. I have a Linux netfilter/IP tables firewall that does this for me. I just create firewall rules that sends an ICMP port unreachable when a machine that doesn't have internet access tries to access the internet. I'm also running Squid Cache and dansguardian so I can filter out web contents.

 

[kdxrider9262]

or if you want to be a l337 h4x0r...you can set up a zonecd server....(google zone cd) It uses authentication to access the internet, aim, games, etc...