Allow network sharing - but selectively deny internet access


  1. Posts : 20
    windows 7 & windows 10 both 64 bit
       #1

    Allow network sharing - but selectively deny internet access


    * Allow home network sharing - but selectively deny internet access to secondary computers

    Searching for answers, I found threads for the inverse situation
    (allow guest internet access but block access to host resources) but not my question.

    -------------------------------------------------------------------------------------

    I want to share resources between 2-5 machines at home,
    but deny internet access to the secondary machines - except when I specify.

    I run machines off a 10 port GB ethernet switch before the router.

    How can I do this? Thank you
      My Computer

  2. Samuria's Avatar
    Posts : 6,111
    windows 10
       #2

    Are they all using cable or are some on wifi?
      My Computer


  3. Posts : 20
    windows 7 & windows 10 both 64 bit
    Thread Starter
       #3

    all cable from 10 port switch -- 1 is w7 the rest are w10 - including main host
      My Computer

  4. Samuria's Avatar
    Posts : 6,111
    windows 10
       #4

    There isnt a simple way unless router has built in apps for that. You can edit ip and remove default gateway that will stop it. You could setup a free proxy and set them to use that which lets you set times etc for internet and can track what they do ban adult content etc CCProxy: Free Proxy Server software for Windows 10
      My Computer


  5. Posts : 20
    windows 7 & windows 10 both 64 bit
    Thread Starter
       #5

    It's been a couple years since I needed to do this, & it was on Win7 --
    seemed like I used "HomeGroups" or set up a local network - private IP addressing -
    that let the machines talk to each other over the wire,
    w/o going out on the BIG wire to the www.

    edit -- maybe this is easiest to do via Group Policy on the restricted target machines.
    I am the sole operator -- just need to feed the machines being config'd
    w/ resources from the master internet-accessible machine --

    but don't want the target machines to connect until I'm ready for them to.

    Plus, in previous years (XP ?) I remember using a dedicated usb cable-transfer device/app between 2 machines -
    sort of a pc-to-pc usb/ftp setup if you will. But I want instant resource sharing between more than 2 machines,
    thereby making use of the switch.

    ** or, this is a job for the firewall on the target restricted machines --
    Comodo article: "Blocking Internet Access while Allowing Local Area Network (LAN) Access"

    edit - now I'm learning how to ask a better question --
    Samuria gave your concise answer "Just give fixed ip with no default gateway job done"
    at How do I create Firewall rule that allows LAN and blocks internet?

    -- no messing around in firewall, etc. -- just -- Local Area Connection Properties > TCP/ipv4 Properties >
    set false IP address leaving Default gateway blank --

    all this after having set up basic file sharing in other system applets, eh?
    Last edited by newdev; 02 Jan 2021 at 17:06.
      My Computer

  6. jimbo45's Avatar
    Posts : 10,570
    Windows / Linux : Arch Linux
       #6

    Hi folks

    These days on Home computers this is a bit of a pain since anybody with a decent mobile phone and a 5G (or a slower 4G) connection can create their own access point which you really can't do anything about --apart from the fact that it will be those users who do this will have to pay their own bills !!! -- Kids as young as 7 these days are often conversant with this sort of thing so you also need to keep a handle on their mobile phone usage as well.

    The only other sensible way is to set up a proxy server - but there again unless the computer users on these other machines can be prevented from having admin rights they can all change / edit internet parameters so again you might be on a hiding to nothing here.

    This sort of thing is simple to control in a work space environment / office LAN etc - but quite difficult to control sensibly in a private home -- depending on the age of the users and the ownership of the "Client" Machines.

    Some decent Routers can restrict Internet traffic by MAC address / other parameters so if you can get the MAC address of the LAN connections of your clients the router should be able to block traffic. Go to the router set up options -- usually logon to 192.168.1.1 or similar - the address will be in the router documentation -- and then look for things like security etc.

    This of course won't stop Internet access via mobile phone access points of course though - but at least you won't be responsible for any problems with dubious software, piracy etc etc.

    Cheers
    jimbo
      My Computer


  7. Posts : 20
    windows 7 & windows 10 both 64 bit
    Thread Starter
       #7

    Hail Hail @Samuria !

    Man, it's been an intense 48 hrs of back and forth just to understand - test/implement - document
    such an apparently simple solution --

    "Just give fixed ip with no default gateway job done"
    -------------------------------------------------------
    Hope this brief recap may help anyone else w/ a similar challenge + intent :

    First I got a couple w7 machines talking to & sharing w/ each other
    through basic Explorer > Properties > Sharing | Security settings --

    NOT Homegroups - since they've been abandoned by MS going forward.

    Then I got the w7 to see & share TO the w10 - but the w10 couldn't see/share TO the w7.

    This took several steps to implement to lead to Success,
    but perhaps the biggest lever was enabling SMB 1.0-CIFS CLIENT
    on the w10 machine in "optionalfeatures.exe" so it can talk to w7.

    Then the final super-sauce was indeed, using ipconfig /all to get the w10 ip + subnet,
    then leaving "Default Gateway" BLANK, and using classic Google 8-8-8-8 & 8-8-4-4 for DNS.
    --------------------------------------------
    Before I mark "Solved" and Close, I'll be greedy and ask if someone has a script/.bat file
    to toggle "Default Gateway" between router-default-issue and BLANK -- I'll surely appreciate it!

    Now me & Guinness Extra Stout are gonna go for a walk, and then a nice rejuvenating sleep --

    Cheers & Adios !
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 10:28.
Find Us




Windows 10 Forums