4 computer network project...

[glin22]

Hi Folks,

What I'd like to do is set up a class C network of 4 computers. I want to be able to share info between all 4 of them locally but only 2 of the machines will be able to access the internet while the other 2 cannot have any internet traffic going in or out. I've spent a fair amount of time trying to read up on how I could do this but didn't really find anything that explained things in a clear way. I did find one article that had a bit of helpful info but it still isn't enough for me to solve this project.

I have 2 Linksys routers, I set the first router address to 192.168.1.1, the second router was set to a different subnet 192.168.2.1, the first router has the cable modem going into the WAN port. Then I linked up a ether cable from one of the LAN ports on the first router and had that going into the WAN port of the second router. I got a computer hooked up to the 2nd router by way of a LAN port but it still had access to the Internet. Is there any way to shut off any Internet traffic to any computers connected to the 2nd router but still have them capable of sharing stuff locally ?

Anyway, I need a bit of help from someone who knows more about how to do this as I am going around in circles. I think I can put this together if someone can get me pointed in the right direction.

Thanks,

Glin22

[firenice03]

There are a few ways to accomplish.. Since your only needing 2 blocked.. You could block access via their MAC addresses using a policy.
The policy would allow local access but deny access to the internet..

If choosing this option you could condense to a single router...

You may find this under Access Restrictions or Policy..
Searched and found for an example - http://www.linksys.com/ph/support-articl...Num=136710


If you're wanting to block anything that could connect to the 2nd router (WiFi or future devices) you could - depending on router - create a firewall rule on that router blocking those ports.. (80,8080,443, etc...)

A couple ideas...

[torreydale]

glin22,

It would seem to me that you would just leave off the gateway address on the computers you don't want to access the Internet. 

You can have all 4 computers on the same class C network connected to the switchports (ie. Ethernet ports) of the same router.  But for the 2 computers you don't want going to the Internet, just statically configure their network settings for the same Class C network, and leave off the gateway address.  In other words, for the 2 computers you don't want to access the internet, you only need to configure their IP address and subnet mask.  Do not configure any DNS Server entries or the Gateway IP address.

The Gateway address (ie. the router's IP address) is the gateway, or the doorway, to the Internet.  Without that doorway, those 2 computers have no path to the Internet.  But with the IP addresses and subnet masks configured, they will be able to communicate with devices on that local class C network only, which is what you say you want.

Cheers.

[miken242]

[HELPFUL TIP] Networking between linux pcs[linux lite forum ...network]

This also works with windows /linux found this very useful and secure

cheers mike

[torreydale]

miken242,

Directing glin22 to your Nitroshare post at this link is a partial answer.  It addresses sharing between glin22's 4 computers, but it does not address the concern glin22 has to leave 2 of the 4 computers free of Internet access.  To accomplish that part, I still say leave the PC's you don't want to connect to the Internet free of DNS and gateway configurations.  In other words, leave those settings blank on the computers you don't want to access the Internet.

[firenice03]

torreydale's solution will work... But I would add; locking the "user" profile so that they couldn't add the gateway back into the settings, if this is a concern... This too could be accomplished with just 1 router...

Guess it depends on how your planning on using..
Just for yourself, testing/lab - For various end users, like a classroom - PC's in the house for the kiddies to play on..

And do you require the 2 routers or can it be condensed (curiosity)..


Many ways to skin this cat

[glin22]

Thanks very much for the replies !

You know, last night I spent another 3 hours searching for info but all I get is bits and pieces, nothing where I can get the complete context. The other problem is I don't know what the network I am trying to put together is called. Part of it is a private Intranet and the other is WAN,

As some of you said, maybe I can set up a policy where only certain computers have access. Maybe I don't need an additional router, maybe everything can be on the same subnet and just have those policies installed.

Well, at least I have more to go on now, will report back when I try out some of the things you mentioned.

Glin22

[glin22]

Woo Hoo !

Last night I got the version of this working on the same router by setting up the mac address of the computer I didn't want to have internet access. But at first it didn't want to work, I fiddled around for about 10 min until I realized that I was denying the policy ! I was so fixated on the idea of denying any internet access that I didn't clearly read what the router was saying !! Haha ! I was denying the policy ! As soon as I set that to accept, it worked fine.

So now I am going to see if I can get torreydale's version of it working. Torreydale, your explanation of the situation was better than what I got out there on the internet, it helped ! Thanks !

@firenice3  Your question about whether it could be condensed....I just had a bunch of equipment given to me so I have 3 routers along with a bunch of other stuff to play around with, I just thought that was the only way of doing it.

But like you people said, there's a bunch of ways to skin the cat. Youz peoplez are turning me into a good cat skinna !  ;D

[firenice03]

;D ;D  
Good to hear... Keep skinnin

[glin22]

2 for 2, Got the other cat skinned... ;D

The network also works with taking out the gateway on the machine I don't want to have going out to the internet. I didn't know you can just leave out the gateway on a computer, that was nice to know.

But my situation is a bit funny now...yes, I can get what I wanted with 1 router but now I have other things I want to have networked so it looks like I might need the router for extra ports to put stuff on, 4 ain't enough now, haha !

If I do hook up another router for the extra ports and the 2 routers are on different subnets, can local access be gained on everything ? Or is the local traffic on a specific subnet limited to devices hooked up to only that specific subnet ?

Anyway, things are going much better than before.

Glin22