Simple firewall to block Internet access on XP

esuhl

I have a few XP machines & VMs that don't need Internet access.

Does anyone know of a really simple, minimalist firewall that I can use to easily block all Internet traffic, allowing only LAN activity?

Big_Graeme

http://tinywall.pados.hu/

A nice little Firewall that is easy to use, works for me.

esuhl

Big_Graeme wrote: »

http://tinywall.pados.hu/

A nice little Firewall that is easy to use, works for me.

Thanks -- I came across that in my searches, and it looks ideal... except for the fact that it doesn't run on XP...

John_Gray

Why not set up a separate LAN, entirely unconnected to the internet?

Or am I missing something?

esuhl

John_Gray wrote: »

Why not set up a separate LAN, entirely unconnected to the internet?

Or am I missing something?

I need the machines to connect to my existing LAN (which has Internet access), rather than creating a new one.

tavernman

Set up static routes to local net and default route to point to 127.0.0.1 should work

esuhl

tavernman wrote: »

Set up static routes to local net and default route to point to 127.0.0.1 should work

Erm... sounds good... How would I do that...?

tavernman

Not got access to XP from here but https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_pro_addstaticroute.mspx?mfr=true

tavernman

[STRIKE]Eg if your XP machines (and your local network are on 192.168.x) You would have to route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 <the router or use 192.168.1.x where x is the local address of the XP box>
and
route add 0.0.0.0 mask 0.0.0.0 127.0.0.1[/STRIKE]

Ooops bad day try this as a bat file

route -f
route add 0.0.0.0 mask 0.0.0.0 127.0.0.1
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1

1 flush
2 add default
3 add your net

ping your network
then ping say 8.8.8.8

Sorry about the above part not enough :beer:

Tried that on my W7 virtualbox seems to work, but Beware don't try it if you are remote just in case

colin79666

Assuming you just have a SOHO router doing all the real work (router, modem, switching, dhcp, dns etc) just give each XP machine a static IP address and then block that range on the router from having any outbound traffic. Something like 192.168.1.100-192.168.1.110 DENY ALL

Another easy option is just tick the proxy box in internet settings, set as all protocols and then put an exception in for the local lan. Make the proxy something invalid so they try to send all internet traffic through it, which fails.

Screenshot is from Windows 7 as that was the Windows box I could boot quickly but XP looks much the same.

esuhl

That sounds perfect, thanks! I'm having a few other problems with the machines, but once they're back up I'll give that a go.

EDIT: Just seen you comments too, Colin. That sounds like it would work too! Nice one! I'll probably try the other suggestion first, as I'll probably end up deleting and creating new VMs and forgetting about the router settings, but that's a great alternative.

Cheers guys :beer: