Have reasons to deactivate the complete Internet on a W10 computer, but leave the local network operative. How to do it? I do not want the firewall for this, any better? Fixed IP and no DNS or what do you advise please?
Hans
Hans
-
“ Sent from my Intel 80286 using MS-DOS 2.0
“
https://www.copytechnet.com/images/smilies/biggrin.png -
If you put in a static ip and either no Gateway address or a purposely incorrect Gateway address, the computer will then only be able to communicate on the local subnet. -
It needs to be done at the router and needs to be based on the MAC of the computer and need to be an allow list and not a block list. Otherwise you teenager that you don't want on the internet will most likely be able to defeat it. Even then if he/she has a cellphone they can still access using a WiFi hot-spot or USB/Bluetooth tether.Comment
-
VLAN or an incorrect gateway, or even DNS resolving to a local server with no forwarders.Comment
-
From Settings or Control Panel I would do this.Comment
-
If he sets this one computer up on a VLAN then the PC will be on a different subnet and unable to communicate with any other PC's in the office. Unless he sets up an inter-Vlan connection.
Like you said, an incorrect gateway will do the trick. Or really, just leave the gateway blank.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
This is true. Good point, Simply leaving the gateway blank or an incorrect gateway is easily overcome by almost anyone with basic PC knowledge.
rthonpm's suggestion of DNS resolving to a local server with no forwarders would be much better than an incorrect gateway but I don't even know if they have a server. Need more information.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Without the full explanation on why, we can't do more.Comment
-
On an older MFP without SMB or other good scan alternative, I will put an obsolete notebook beside as a scan-server. This notebook should not being used for anything else than just only collecting scans through FTP. I do not want any wise a$ to start to use it for going into the Internet.
Hans“ Sent from my Intel 80286 using MS-DOS 2.0 “
https://www.copytechnet.com/images/smilies/biggrin.pngComment
-
What's the MFP model ? I'm pretty sure we can do something more elegant than this.
What's the budget ?Comment
-
Hans, unless they have a server and you can do what rthonpm suggested, then you don't have many options other than leaving the gateway blank and keeping an eye on it.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
I prepared the old laptop as necessary and scanning is working fine. Quick and easy solution and working very good. I left the gateway blank and the laptop is in a locked room nobody can touch. Also is remote access blocked, so I see no great disadvantages. All seems a little clunky, but the customer is very happy that they can continue to use their loved BH-C-360.....
And I am happy continuing collecting my fees for the service contract with them, which is very rewarding since I have loads of parts for this very well running machine in stock.
?
Hans“ Sent from my Intel 80286 using MS-DOS 2.0 “
https://www.copytechnet.com/images/smilies/biggrin.pngComment
-
Set your gateway to something that is not the gateway ip.Color is not 4 times harder... it's 65,000 times harder. They call it "TECH MODE" for a reason. I have manual's and firmware for ya, course... you are going to have to earn it.Comment
Comment