Most low end routers will allow you to completely block Internet access by
IP address and/or time of day. Typically, these routers will also block
access to specific web sites. However, these are usually global settings
which apply to all users.
If you want to allow access to only a very few web sites you can use routing
and pump out the settings with DHCP scope options:
1. Do not give DHCP clients a default gateway - this prevents general
Internet access.
2. Give clients static routes to specific IP addresses - eg.
Use DHCP option #33, or
route add 207.46.130.108 mask 255.255.255.255 <gateway IP address>
The routing alternative is clunky and quickly becomes unmanageable for more
than a handful of sites. The best way to achieve your goal is with ISA or
some other full featured proxy server, or a high end (expensive) router.
Doug Sherman
MCSE, MCSA, MCP+I, MVP
"Hawk" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I was wondering if someone would tell me if/how this would work:
>
> Basically I work at a school w/ a student laptop program. As it is
> now, students have laptops with wireless access, and can access
> anything on the WAN. (We just have access points set up throughout
> the school that are bridged with the LAN). So basically, students and
> faculty all have the same access.
>
> What I want to do is basically use DHCP from a Win 2003 machine to
> assign them an IP address, and then block ALL traffic to/from that
> range of ip addresses except what sites I allow. I know this will be
> very restrictive, but this is how I want it.
>
> for faculty (and lab machines), I want to give them a static IP addy
> w/ full access.
>
> Can anyone give me any information as to how this will work/what
> routers will do this? What features do I need to look for in a
> router? Or anyone have a better idea to restrict access ?
>
> Any other information will be greatly appreciated !
>
> Thanks
>
> Hawk
|
Similar Threads
Linear Mode
