Block internet access on one PC but still have local network access

[Jamesxxx]

I have two PCs one has Win XP 32 and the other has Vista 64. I want both machine to be networked so I can exchange files etc.

Both have internet access currently. I want the Vista machine to have ZERO internet access. So nothing from Vista machine can go online. Yes I can pull the plug off on the vista machine from my router but the that would kill my local network too.

So how do I block internet access for the Vista machine but still have functioning local network?


=========================
Moved to the "Networking" Forum
RebateMonger - AnandTech Moderator

 

[RebateMonger]

There are several ways to do this. One simple way, assuming you don't have to worry about users trying to get around it, is to blank the Default Gateway on the PC's network settings. The computer will no longer know how to find the Internet.

 

[Jamesxxx]

Originally posted by: RebateMonger
There are several ways to do this. One simple way, assuming you don't have to worry about users trying to get around it, is to blank the Default Gateway on the PC's network settings. The computer will no longer know how to find the Internet.

I am the only user. Ok I wil l try that. If i have any further questions I will come back.

Is there anyway I can check for updates for Vista on my XP computer? I mean download it there and install it on Vista later? I know with service packs you can do that but for general minor updates?

I mean it's not that important as I already went online and updated Vista to all the latest stuff.
I just like keeping my Vista workstaion offline as it has lot of important data.

 

[spidey07]

Even taking out the default gateway may not be enough if the router is doing proxy-arp.

Easiest way is to create an access control list on the router that only allows the computer you want out to the internet. You can also create access control lists on vista as well for extra measure.

 

[RebateMonger]

Originally posted by: Jamesxxx
I just like keeping my Vista workstaion offline as it has lot of important data.

You can, of course, do this if you wish. But I'd weigh the inconvenience against the security risks. Assuming you are behind a NAT router (like all SOHO routers), the biggest risk to that PC are your OTHER PCs.

I'd prefer:
1) Turning on Vista's inbound firewall
2) Putting STRONG passwords on all local accounts on the PC
3) Turning on automatic Microsoft Updates
4) Don't browse the Internet or use email on that computer

There are millions of businesses that run in this mode. The security problems mostly come from what humans do to their own computers (i.e. browsing the Internet and installing software from uncertified sources).

 

[JackMDS]

Use this free Firewall, http://www.pctools.com/firewall/

There is separate rules for Local traffic (Trusted Zone) and Internet Zone.

You can selectively block Internet traffic and allow what ever you want locally.

The same can be done with Vista Native Advanced Firewall if you are to the challenge of learning how to use it.

http://technet.microsoft.com/e.../library/cc748991.aspx

 

[VirtualLarry]

If this were W2K, I would suggest installing the NetBUEI (blegh) for local LAN file-sharing, and uninstall the TCP/IP protocol (for internet, or lack thereof). But XP and Vista seem to have done away with the possibility of installing NetBUEI. Too bad.

 

[tranceport]

Remove DNS and gateway from vista box.

It will have no name to ip resolution for internet addresses and even if you try ip it will not know how to get outside of it's network.