How to block internet access to users connected to the LAN?

- WebProWorld iEntry
10th Anniversary Forum Rules Search $50 Barnes & Noble Gift Card Stylish Email
Marketing Leading Payment Gateway

RegisterFAQCalendar

User NameRemember Me?

Password
Subscribe to the Newsletter FREE!

WebProWorld > Webmaster, IT and Security Discussion > IT Discussion

Forum
How to block internet access to users connected to the LAN?
Index Link To US Private Messages Archive FAQ RSS
IT Discussion Forum Having IT issues? Got IT questions? Who doesn't? If
you can't get your Apache to work with your MySQL or your php is choking
on your ODBC... Let's see if we can help you come up with some ideas.

Go to Page...

Share Thread: & Tags

Share Thread:

LinkBack Thread Tools Display Modes

#1 (permalink) 06-26-2006, 07:31 PM
undrop79
WebProWorld Member Join Date: Sep 2003
Location: Kent, UK
Posts: 43

How to block internet access to users connected to the LAN?

I hope someone can help, this is the situation.

I work in a hotel which has 1 DSL connection which routes through our
server and then connects to the other office workstations by using a
switch. The situation is that the switch also connects to other switches
which are routed to each hotel bedroom via Cat5 which goes throughout the
hotel. This was installed to connect to the Interactive TV's in the rooms
which provide internet via the television sets.
My Server acts as a DHCP server which the workstations in our offices
connect to and gain access to the internet by obtaining an IP address
automatically.
The issue is this, if a customer (Hotel Guest) connects their laptop to
the Cat5 cable in their room, they automatically gains access to the
internet through our DSL service, which is a problem as there is now a
wireless hotspot, and the interactive TV which is supposing to generate
revenue which no-one uses as soon as they work out that they can just plug
their laptops to the Cat5 sockets.
Apart from removing the DHCP and assigning IP's statically, does anyone
know how to control who does and doesnt have access to our resources via
the DHCP server? Putting covers on the CAT5 sockets to stop people
removing the cables isn't an ideal solution either.
__________________
Chris

#2 (permalink) 06-27-2006, 12:28 AM

brian.mark
WebProWorld MVP
Join Date: Jul 2004
Location: Omaha
Posts: 3,028

A few options (I'm sure there are more):

1) Static IP's for everything.
2) Set up reservations for IP's based on MAC address, then only allow
those devices to the net.
3) Covers over the Cat5 ports.
Depending on the server software you use, it may be possible to restrict
access by device type, but that's something you'd need to check out
yourself.
Brian.
__________________
ToolBarn.com, an Internet Retailer Top 500 and Inc. 500 Company | Tool
Parts | Pet Supplies

#3 (permalink) 06-27-2006, 05:51 AM

Jabber_uk
WebProWorld Pro Join Date: Jun 2004
Location: Plymouth UK
Posts: 292
 Get another router to DHCP the hotel room cat5 connections and put them on
a different IP range. that router can still pass 'relevant' data on (the
TV stuff) out of the router. You could even restrict this second router to
stop outgoing packets on all the internet ports (80; 8080; 21; 22; 23; 25;
110; 443; 3389; etc etc). Need to remember instant messaging programs too
in this list and p2p software - think they are around the 1980+ port
range.
You can view a list of ports here:
http://www.iana.org/assignments/port-numbers
__________________
Jabbs
"The More I Know, The Less I Seem To Know!"
Anything IT & Support Forums

#4 (permalink) 06-27-2006, 06:29 AM

undrop79
WebProWorld Member Join Date: Sep 2003
Location: Kent, UK
Posts: 43

Thanks for the advice.

Jabber_uk
The thing about restricting the routers outgoing packets, is that the TV
does need to be able to access internet ports as would a computer. The
link you have given for the ports however could be very handy, thanks for
that.
brian.mark
I didn't want to have to change to static IP's or put covers over the Cat5
ports, so your second option seems like a good one. Do you have a link to
somewhere which would guide me through setting up reservations for IP's
based on MAC addresses? We have a Windows 2003 SBS which acts as a domain.

Thanks again!
__________________
Chris

#5 (permalink) 06-27-2006, 11:16 AM

Jabber_uk
WebProWorld Pro Join Date: Jun 2004
Location: Plymouth UK
Posts: 292
This link may help:
http://techrepublic.com.com/5100-1035_11-5611546.html#
__________________
Jabbs
"The More I Know, The Less I Seem To Know!"
Anything IT & Support Forums

#6 (permalink) 06-27-2006, 01:44 PM

brian.mark
WebProWorld MVP
Join Date: Jul 2004
Location: Omaha
Posts: 3,028

Quote:
Originally Posted by Jabber_uk
This link may help:
http://techrepublic.com.com/5100-1035_11-5611546.html#
Nice link, Jabber_uk. That's as close to perfect as one could have hoped
for.
Basically, you're leaving the devices DHCP but making them static on the
server side, then you can tell it any other IP's can't access the web.
That should do what you need without too much work.
As for getting the MAC addresses, check the DHCP table on the server. It
should list all of them.
Until you get that fixed... where was this hotel again? ;-)
Brian.
__________________
ToolBarn.com, an Internet Retailer Top 500 and Inc. 500 Company | Tool
Parts | Pet Supplies

#7 (permalink) 06-27-2006, 01:53 PM

Jabber_uk
WebProWorld Pro Join Date: Jun 2004
Location: Plymouth UK
Posts: 292
Quote:
Originally Posted by brian.mark
Until you get that fixed... where was this hotel again? ;-)
roflmao ;-) Cheap Internet access here we come!
__________________
Jabbs
"The More I Know, The Less I Seem To Know!"
Anything IT & Support Forums

#8 (permalink) 06-27-2006, 06:06 PM

undrop79
WebProWorld Member Join Date: Sep 2003
Location: Kent, UK
Posts: 43

Cheap?? more like free as things stand at the moment!

I better take a look at this link and see how easy it is to setup before
you two work out where we are... ;o)
Thanks for your help again, will post back with progress
__________________
Chris

#9 (permalink) 07-20-2006, 07:03 AM

Vectorman211
WebProWorld Member Join Date: Jul 2006
Posts: 90

I would recommend using a web proxy solution. There are proxy solutions at
many different levels depending on what you want to control. Users would
then be required to login to gain access to services. There are also proxy
solutions that offer accounting services as well so you can charge for
service.

#10 (permalink) 07-20-2006, 07:15 AM

undrop79
WebProWorld Member Join Date: Sep 2003
Location: Kent, UK
Posts: 43
 Any advice on how or where to acquire a web proxy solution?
__________________
Chris

#11 (permalink) 07-20-2006, 07:33 AM

Vectorman211
WebProWorld Member Join Date: Jul 2006
Posts: 90

Well since you are using microsoft windows you would probably want to
check into MS Web Proxy. I'm not sure which versions of server include
this package (if any). Here's a good article that outlines what it does
precisely:
http://www.windowsitlibrary.com/Content/265/1.html

WebProWorld > Webmaster, IT and Security Discussion > IT

Discussion Forum

« site advisor by McAfee | Job seeker »

Thread Tools
Show Printable Version
Email this Page
Display Modes
Linear Mode
Switch to Hybrid Mode
Switch to Threaded Mode
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
 Forum Rules

All times are GMT -4. The time now is 03:34 AM.

WebProWorld - Archive - Top

WebProWorld | Advertise | Contact Us | About | Forum Rules | MVP's |

Archive | Newsletter Archive | Top | WebProNews
WebProWorld is an iEntry, Inc. ® site - © 2009 All Rights Reserved Privacy
Policy and Legal
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
LinkBack
LinkBack URL
About LinkBacks
Bookmark & Share
Digg this Thread!
Add Thread to del.icio.us
Bookmark in Technorati
Furl this Thread!

Search Engine Optimization by vBSEO 3.3.0