[thelist] Restricting Internet Access by LAN IP
Matthew Lewis
matthewhse at gmail.com
Mon Jun 27 13:12:21 CDT 2005
I'm helping set up a network of six computers running Windows 2000.
(Actually I've already set it up, I just need to tweak it a bit now.)
I've had a lot of trouble with Windows networks if LAN IPs are dynamic,
so I always assign IPs manually to each machine. They're networked
using standard network switches and Internet access is through DSL and a
standard Linksys router. Everything is wired - no wireless anywhere.
The problem is that I need to set things up so that two of these
computers cannot access the Internet at all, EXCEPT for a short list of
websites. The router has built-in functions to stop all Internet access
for certain LAN IPs, but that's as far as it goes. These machines need
access to some sites, but basically I need to be able to start them off
with an "empty Internet" and then add a list of "allowed sites" as time
goes by.
I've been advised by one very knowledgeable gentleman to use Squid on a
Linux box as a proxy for these two machines to access the Internet
through. The idea is to use the router to totally block Internet access
from these two boxes, then configure them to go through the proxy which
can be configured to only allow certain sites. Unfortunately, I can't
get a Linux machine for this network, and Squid on a Windows OS seems
pretty much impossible to get configured properly. I've had no luck in
finding another good free/cheap proxy software that looks like it will
do what I need.
So that's my goal - now I just need ideas. What can I do to set things
up so these two machines can only access "allowed" websites? Whatever I
do, it needs to be easily updated to include new sites, but it also
needs to be something that the users of these computers can't get
around. Any ideas?
I've thought of using the Windows HOSTS file, but from the research I've
done it seems like that can't work. Plus, I think non-administrator
users can edit the HOSTS file anyway, and if that's true, it kind of
defeats the whole purpose in the first place.
Thanks a lot,
Matthew
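
The proxy policy described in the message (router blocks the two machines outright, and they reach the Internet only through a proxy that permits listed sites), sketched as a squid.conf fragment. This is an added example, not part of the original post; the two client addresses, the port and the allowlist file path are assumptions.

```conf
# Constructed example: addresses, port and file path are placeholders.
http_port 3128

# The two restricted workstations, identified by their static LAN IPs.
acl restricted src 192.168.1.50 192.168.1.51

# Allowlist kept in a separate file, one domain per line.
# A leading dot (".example.org") matches the domain and all its subdomains.
# An empty file gives the "empty Internet" starting point.
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"

# http_access rules are checked top to bottom and the first match wins.
# 1. A restricted machine asking for a listed domain is allowed.
http_access allow restricted allowed_sites
# 2. Everything else, from any client, is refused.
http_access deny all
```

Adding a site means appending a line to the allowlist file and running `squid -k reconfigure`. The router rule blocking the two workstations is what keeps users from bypassing the proxy by clearing the browser's proxy setting, so the proxy host itself must stay permitted on the router.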