We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Simple firewall to block Internet access on XP

2»

Comments

  • Peter999_2
    Peter999_2 Posts: 1,442 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    If it was me, I'd just set the machines up with static addresses but don't include a gateway address. The machines will be able to access any machines on the same subnet but will not talk to anything outside the subnet as it will have no gateway (i.e. internet).
  • doverswot
    doverswot Posts: 61 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    colin79666 wrote: »

    Another easy option is just tick the proxy box in internet settings, set as all protocols and then put an exception in for the local lan. Make the proxy something invalid so they try to send all internet traffic through it, which fails.

    Whilst this would stop the Browser from accessing the Internet, other non proxy aware apps would still have Internet connectivity.
  • esuhl
    esuhl Posts: 9,409 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I Finally got round to rebuilding one of the XP machines! :) Buuuuut...
    tavernman wrote: »
    Ooops bad day try this as a bat file 
    route -f
route add 0.0.0.0 mask 0.0.0.0 127.0.0.1
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1
    1 flush
    2 add default
    3 add your net

    As soon as I try the 2nd command, I get an error: 
    [B]C:\>[/B]route add 0.0.0.0 mask 0.0.0.0 127.0.0.1
The route addition failed: The parameter is incorrect.

    However, after running the 1st command ("route -f") I can ping the LAN and use the LAN-based application I need, whilst Internet access fails... which is just what I want!

    Would I need to do anything else, or is that it? And is there a way to make this persistent? Ideally I'd like to avoid using a batch file so that, even during startup, Internet access is blocked. Unfortunately the "-p" (persistent) switch only works when adding routes, not when flushing them all.

    Thanks again for all the help so far! :)
  • esuhl
    esuhl Posts: 9,409 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Okay... I discovered that, after rebooting, I'd lost all network access. In case anyone else has the same problem, I ran these commands to reset the network adapter:
    route -f
ipconfig /release
ipconfig /renew
arp -d *
nbtstat -R
nbtstat -RR
ipconfig /flushdns
ipconfig /registerdns
    And I discovered that the command needed to block all Internet access, while retaining LAN access is simply this: 
    route delete 0.0.0.0 mask 0.0.0.0
    And this should restore Internet access (where 192.168.1.254 is your router): 
    route add 0.0.0.0 mask 0.0.0.0 192.168.1.254
    :beer:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.8K Banking & Borrowing
  • 253.8K Reduce Debt & Boost Income
  • 454.7K Spending & Discounts
  • 245.9K Work, Benefits & Business
  • 601.9K Mortgages, Homes & Bills
  • 177.7K Life & Family
  • 259.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture