Re: How2 allow a local computer to access Internet, but not other locals - LAN/network/firewall config?
From: Duane Arnold (Darnold@Insightbb.com)
Date: 04/08/02
- Next message: Hans-Peter Cugialy: ""textbased GUI" for IP tables..."
- Previous message: Henry Sg: "open source firewall for windows..."
- In reply to: Igor: "How2 allow a local computer to access Internet, but not other locals - LAN/network/firewall config?"
- Next in thread: Tom Del Rosso: "Re: How2 allow a local computer to access Internet, but not other locals - LAN/network/firewall config?"
- Reply: Tom Del Rosso: "Re: How2 allow a local computer to access Internet, but not other locals - LAN/network/firewall config?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Duane Arnold" <Darnold@Insightbb.com> Date: Mon, 08 Apr 2002 05:35:36 GMT
If you are looking into a software solution, you could look into BlackIce
Defender PC. I use NetMeeting Desktop Sharing to remotely control my
desktop from a laptop computer. I have to set Trusted IP address connections
between the two computers for NetMeeting on both computers to work. Without
it, they cannot communicate or access each other. If I connect another
computer to the network, I have to tell BlackIce on all machines to Trust
the IP(s) of the other machines. All machines can access the printer on the
network, and I can also set BlackIce on the desktop computer to block all
IP(s) wanting access and still allow the sharing of the printer. Below is a
paste from the BlackIce HELP. I am behind a Linksys 11S4 router.
Hope this helps
Duane
Firewall Tab
Use the Firewall tab to set how BlackICE controls access to your computer.
Protection levels
a.. Paranoid: The Paranoid setting is very restrictive, but useful if your
system is experiencing frequent and repeated intrusions. Under this setting
BlackICE PC Protection blocks all unsolicited inbound traffic. This setting
may restrict some web browsing and interactive content.
b.. Nervous: The Nervous setting is preferable if you are experiencing
frequent intrusions. Under this setting, BlackICE PC Protection blocks all
unsolicited inbound traffic except for some interactive content on Web sites,
such as streaming media.
c.. Cautious: The Cautious setting is good for regular use of the
Internet. Under this setting BlackICE only blocks unsolicited network
traffic that accesses operating system and networking services.
d.. Trusting: The Trusting setting is good if there is minimal threat of
intrusions. Under this setting all ports remain open and unblocked and,
therefore, this setting allows all inbound traffic.
Firewall Tab settings
The following table describes the settings available on the Firewall Tab:

Setting: Enable Auto-Blocking
Description: When selected, BlackICE PC Protection automatically blocks
intruders when they attempt to access your system. When not selected,
BlackICE still reports and logs events, but it does not automatically block
them. If you do not select Auto-Blocking, you can manually block intruders
to protect your system, see Controlling access from an IP address for more
information.

Setting: Allow Internet File Sharing
Description: When selected, allows you to share files with others across
your network and the Internet (if your network does not have a firewall).
If your network does not share files, deselect this option. Disabling file
sharing makes your computer unavailable to other computers on your local
network. See Windows Sharing Features for more information.

Setting: Allow NetBIOS Neighborhood
Description: When selected, your computer is visible on the Network
Neighborhood of other networked computers. When not selected your computer
is not visible to other computers on the network. Hiding a computer from the
Network Neighborhood does not prevent file sharing; other systems can still
access the resources on the local system but users must locate the computer
using the local computer's IP address.

"Igor" <Igor9273@sprynet.com> wrote in message
news:8i91bu07a2fh3j9pu6geh1b793ef5forij@4ax.com...
> I want to allow someone to hook into my network and access the Internet
> through my Linksys router but not access other computers on the LAN.
>
> I have a Linksys router and use ZoneAlarm. I use file and print sharing
> w/ passwords for the devices now on my network, but I do not want to rely
> on that for security when a visitor plugs into the LAN with a laptop. File
> and print sharing are _not_ bound to TCP/IP, but rather to NetBEUI.
> ZoneAlarm does not list any of the other computers now plugged into my
> network, but they can all communicate with each other, share files, and
> print -- which, in theory, they should not be able to do based on what I
> have read (and tried to understand) at ZA's website. My _guess_ is that
> because I am using NetBEUI, ZoneAlarm is not monitoring the communications,
> but repeated e-mails to ZA have only resulted in canned replies that have
> no applicability. If this is so, I suppose I could unbind everything to
> NetBEUI and bind them to TCP/IP, but I have it set the way it is now
> because the established security guru at grc.com, Steve Gibson, has
> recommended it. As for Linksys, they tell me how I can allow LAN access
> and block Internet access rather than what I want to do, which is allow
> Internet access and block LAN access.
>
> Additional info about my system:
>
> All connections run through the router
> Also use 1 switch and 1 hub
> Each device has only 1 10/100 NIC
> CAT5/5e used throughout
> Printers accessed through networked PCs (i.e., printers do not have their
> own NICs)
> All MS Windows environment
> Will soon be adding small Unix-based server
> P2P network; Windows "logon" (i.e., not Client for MS Networks)
> Linksys router BEFSR41
> ZoneAlarm (latest basic version, not Pro)
> Norton Internet Security 2001 (some features)
>
> So, I would like to identify 1 or 2 IP addresses in my LAN and say they
> can access the Internet but not other computers/printers on the LAN. I
> would like to avoid having to reconfigure the system from P2P to a
> server-authentication system. I would be willing to buy some software or
> another moderately-priced piece of hardware if that will do the trick.
> Also, I will be adding a small server soon (no real transactions, just
> browsing and some db recording) and am very concerned about security of
> files not on the server -- e.g., if someone hacked the UNIX/Apache server
> they could then use it to hack other PCs on the LAN. (As may be apparent
> from the above, I am only a novice on security.) So, maybe now is the time
> to get a firewall box, if necessary. In any event, any proposed solutions
> are welcome. Thanks. -- Igor
>
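
Added example, not part of the original post and not BlackICE code: a small audit of per-host trusted-IP lists of the kind described in the reply above, reporting which LAN hosts would accept inbound connections from a visitor's address and which trust entries are set on only one side. All addresses, the TRUST table and the function names are constructed for illustration, and the model covers IP traffic only (it says nothing about shares bound to a non-IP protocol).

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # constructed addressing plan
ROUTER = ip_address("192.168.1.1")   # constructed router address
GUEST = "192.168.1.50"               # constructed visitor laptop address

# Constructed trust lists: host -> peers whose unsolicited inbound traffic it accepts
TRUST = {
    "192.168.1.10": {"192.168.1.11"},                  # desktop trusts laptop
    "192.168.1.11": {"192.168.1.10"},                  # laptop trusts desktop
    "192.168.1.12": {"192.168.1.10", "192.168.1.50"},  # mistake: trusts the guest
}

def inbound_allowed(trust, src, dst):
    """Would dst accept an unsolicited inbound connection from src?"""
    dst_ip = ip_address(dst)
    if dst_ip not in LAN or dst_ip == ROUTER:
        return True                  # Internet-bound: LAN host firewalls are not involved
    peers = trust.get(dst)
    if peers is None:
        return True                  # no host firewall configured, so nothing blocks it
    return src in peers

def guest_exposure(trust, guest):
    """LAN hosts that would accept inbound connections from the guest."""
    return sorted(h for h in trust if h != guest and inbound_allowed(trust, guest, h))

def one_sided_trust(trust):
    """Pairs (a, b) where a trusts b but b does not trust a back."""
    return sorted((a, b) for a, peers in trust.items() for b in peers
                  if b in trust and a not in trust[b])

if __name__ == "__main__":
    print("guest can reach:", guest_exposure(TRUST, GUEST))
    print("one-sided trust:", one_sided_trust(TRUST))
```
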