Hello,
there is one machine in our network which I'd like to absolutely
block from the internet. It should be able to access machines
on the LAN (shared drives only) (it would even be sufficient if
that machine had access to only the shares on the e-smith
server) but it must be absolutely impossible for it to access
the internet in any way.
To clearify a bit here's our structure:
...internet ...
/\
|
.
.
.
|
|
\/
[ADSL-Modem]
/\
|
|
| NIC1 of e-smith server
|
[e-smith server]
|
| NIC2 of e-smith server
|
|
\/
[ A simple HUB ]
| | | |
| | | |
| | | |
| | | |
\/ \/ \/ \/
A B C D
Clients A, B and C are ok.
They run either some version of Windows or
some Linux (Debian or Mandrake).
These clients can access the internet unrestricted.
They also provide network shares (NetBIOS?)
themselves. Also they are able to access the Samba
shares on the e-smith server.
The e-smith server runs the folowing services:
- provides internet access by using the ADSL line
- provides e-mail (SMTP/IMAP)
- provides space for files by having some ibays
The client I want to block is D which will run Windows
XP. It's much to 'talky' for my taste and even though it
is a legal, licensed copy I don't want any information
to be sent anywhere if I don't want it.
I'm quite paranoid that if I block the IP of client D it
will still be somehow possible for client D to use
one of clients A, B or C to access the internet.
(I don't mean a human - I really mean the OS).
How can I make it technically possible for D to get
access to the ibays but at the same time make it
technically impossible to get access to anything
else?
If it would help I could use a third NIC in the server
and physically connect client D to only this NIC.
I'm using V5.0 but plan to migrate to 5.5 soon.
Many, many thanks for your patience and please
excuse my english. If something isn't clear please
don't hesitate to ask.
best regards
paranoid
4 Replies
535 Views