Share via

disable internet, leave LAN available

Anonymous
2014-01-29T01:01:31+00:00

I'm having some trouble with my antivirus on my old computer, and I've posted for help in several places. In the mean time I'd like to play a game. I probably won't be able to fix the problems tonight. I've taken the antivirus off-line, but want to restrict it so that nobody else can get onto the internet from that computer, without restricting LAN access or any other computer on the network.

I can disable network connectivity entirely rather easily, but is there a way to restrict all network traffic to the local subnet only (192.168.1.0/24) so that using Firefox to read this forum will fail, but going to \slicksgateway\public\documents will work?

I know how to lock down IE using parental controls, but not how to lock down Firefox, Chrome, and IE.

I could disable the network card quite easily, but that would block the LAN too.

Ideally, this would be something that I could quickly and easily reversed so I can come back tomorrow night and install new antivirus. If a batch file can be used to make a script to do this, that is acceptable.

Back in the dial-up days, this would have been easy by disabling or disconnecting the modem, but with broadband where both the LAN and the internet connected via the same router/switch (cable modem goes to the router port, computers goto the switch ports), it's not so simple. Then again, it's been so long since I had dial-up that I never had a modem connected to this computer at all.

Windows for home | Previous Windows versions | Internet and connectivity

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

  1. Anonymous
    2014-01-29T15:26:42+00:00

    Presumably the PC is configured to get its setting from the DHCP server in the router (this is the common option).

    Check the router to see what address range it is configured for. Some will operate for the entire subnet, if so change it so that there is an unallocated range.

    So as an example your router might be on 192.168.0.1 and its range is set to 192.168.0.1 to 192.168.0.254 (it does not matter if one of the range includes its own address, it would not issue it).

    Adjust one end to leave an unallocated space so it starts for example at 192.168.0.32 which would leave nothing getting the address from 192.168.0.2-31.

    Now on the PC go to the network settings and turn off Automatically get address. Set the values in that unallocated range but the important bit is to set the default gateway the same as the PC computer address i.e.

    IP Address:                       192.168.0.24

    Subnet Mask:                    255.255.255.0

    Default Gateway               192.168.0.24

    The DNS server can still be the router so that you can still access other PCs by name. The default gateway tells the PC what device to go to when it wants to connect to an address not on your network. All internet sites by definition are not on your network so if the default gateway is wrong it cannot access the internet. PCs which are on your network do not require access to the default gateway to talk to each other. Setting to an actual value of a working system reduces the timeout that would occur.

    10+ people found this answer helpful.
    0 comments

Answer accepted by question author

  1. LemP 74,930 Reputation points Volunteer Moderator
    2014-01-29T16:29:55+00:00

    I thought I explicated stated I wanted to disable the internet access on one computer only. I absolutely do NOT want to disable internet access for the other computers.

    Sorry, I missed that.

    As I said, you can filter using either the MAC address or the IP address of a local computer.  I agree that using MAC addresses would probably be safer, given the possibility that the IP address assigned by the router to any given local computer might change over time.

    From the User's Guide for your BEFSR41:

    The Security Tab - Filter

    When you click the Security tab, you will see the Filter screen. On this screen, set up filters to block specific internal users from accessing the Internet and enhance your network’s security.

    Filter IP Address Range

    You can create up to five different IP Address Range filters. To set up a filter using IP addresses, enter the range of IP addresses you wish to filter in the Start and End fields. Users who have filtered IP addresses will not be able to access the Internet at all. If you only want to filter one IP address instead of a range of IP addresses, enter the same value into both fields. For instance, if you wish to filter the PC with the IP address of 192.168.1.5, enter 5 into both fields on one line: 192.168.1.5 ~ 192.168.1.5.

    Filter Port Range

    You can create up to five different Port Range filters. To filter users by network port number, select the protocol you want to filter, TCP, UDP, or Both, from the Protocol drop-down menu. Enter the port numbers you want to filter in the Start and End fields. Users connected to the Router will no longer be able to access any port number listed there.

    Filter MAC Address

    This feature blocks computers with specific MAC addresses from going out to the Internet. For information on obtaining a MAC address, go to “Appendix C: Finding the MAC Address and IP Address for Your Ethernet Adapter.” To set the MAC filter, click the Edit MAC Filter Setting button.

    Edit MAC Filter Setting. Click the Edit MAC Filter Setting button. Select the range of MAC address entries in the drop-down box. In each mac field, enter the MAC address you want to filter. Click the Apply button before closing the window. To cancel changes, click the Undo button.

    7 people found this answer helpful.
    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. LemP 74,930 Reputation points Volunteer Moderator
    2014-01-29T01:49:06+00:00

    It seems to me that the best place to do this sort of thing is in your modem/router.

    If it's OK for ALL of the devices on your LAN to lose Internet access, just disconnect the incoming coax to the cable/modem.  If  you'd rather not do that, or if you need to have some devices on the LAN retain Internet access, there's almost certainly an "access restriction" section somewhere in the configuration utility for your cable modem/router that will permit you to set access restrictions on the basis of IP or MAC address of your local computers.

    3 people found this answer helpful.
    0 comments
  2. Anonymous
    2014-01-29T13:04:44+00:00

    I thought I explicated stated I wanted to disable the internet access on one computer only. I absolutely do NOT want to disable internet access for the other computers.

    My Linksys BEFSR41 router/switch has MAC address filtering. I'll give it a try. I hadn't thought of that, I was thinking of the Windows end. It's usually so limited in capabilities.

    2 people found this answer helpful.
    0 comments
  3. Anonymous
    2014-01-30T04:51:57+00:00

    Well, I just found out that AVG 4.8 can still be downloaded for Windows 98SE users, and that you can once again renew the license. It also has extra features for XP. I know it doesn't slow down my system for Windows 98SE, so I installed it on the XP side of the Windows 98SE/XP dual-boot system.

    Now that I have a working antivirus, I don't need to worry about taking the internet offline for that system.

    1 person found this answer helpful.
    0 comments