Ron Rosson wrote:
> I am adding a PC to my LAN that I only want it to be able to use
> local resources of the LAN (i.e. printers, shared drives, etc.) but do
> not want it to be able to access the internet. Machine will be using
> ethernet for its connectivity and I am using two of the three ports
> of my net4501 with it doing DHCP to all computers.
> Suggestions welcome.
> P.S. If it would be possible to swing in captive portal for this
> machine as well to provide internet access on only an authenticated
> basis that would be a bonus.

Reserve an IP in the DHCP for the MAC address of the machine (make sure
the user cannot change the IP address manually). Create a firewall rule
on the LAN interface that blocks that IP. The rule should look something
Source: <blocked IP>
This rule should be placed before the "Default any -> any" rule.
This rule should not restrict access to any LAN resources. It should
only block traffic from passing out of the gateway (m0n0wall). This
will include any "desirable" traffic like updates (OS or antivirus...).

James W. McKeand
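
The following is an added example, not part of the original thread and not m0n0wall code: a small model of top-down, first-match rule evaluation on the LAN interface, showing why the block rule has to sit above the "Default any -> any" rule and why same-subnet traffic is unaffected. All addresses are constructed, and first-match evaluation with a default deny is an assumption of the model.

```python
import ipaddress

# Constructed addressing for illustration; none of these values come from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = "192.168.1.1"          # LAN address of the firewall itself
BLOCKED_HOST = "192.168.1.50"    # DHCP-reserved address of the restricted PC
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules on the LAN interface as (action, source, destination), evaluated top-down.
BLOCK_RULE = ("block", ipaddress.ip_network(BLOCKED_HOST + "/32"), ANY)
DEFAULT_RULE = ("pass", LAN, ANY)
CORRECT_ORDER = [BLOCK_RULE, DEFAULT_RULE]
WRONG_ORDER = [DEFAULT_RULE, BLOCK_RULE]


def decide(src, dst, rules):
    """Return 'local', 'pass' or 'block' for a packet sent by a LAN host.

    'local' means the destination is another host on the same subnet: the
    frame is delivered by the switch and never reaches the gateway's filter.
    Traffic addressed to the gateway's own LAN address does reach the filter.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip in LAN and dst != GATEWAY:
        return "local"
    for action, src_net, dst_net in rules:
        if src_ip in src_net and dst_ip in dst_net:
            return action        # first match wins; later rules are never consulted
    return "block"               # assumption: nothing matched means default deny


if __name__ == "__main__":
    cases = [
        (BLOCKED_HOST, "192.168.1.20"),    # constructed: shared printer on the LAN
        (BLOCKED_HOST, "198.51.100.7"),    # constructed: Internet host
        (BLOCKED_HOST, GATEWAY),           # services on the gateway itself
        ("192.168.1.60", "198.51.100.7"),  # constructed: unrestricted LAN PC
    ]
    for src, dst in cases:
        print(f"{src} -> {dst}: correct order={decide(src, dst, CORRECT_ORDER)}, "
              f"misordered={decide(src, dst, WRONG_ORDER)}")
```

In this model a source-only block rule with destination "any" also covers traffic addressed to the gateway's LAN address, so anything the restricted PC needs from the gateway itself would need its own pass rule placed above the block.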