Not sure if this is the right way to do it, but it works for me; hopefully it’ll be of some use to others…
I have a corporate intranet that everyone needs access to; some people are not allowed access to the internet though. You may have a similar situation at home, wanting to limit the kids to your hom network but not to the web. My solution via CIS is:
Create Network Zone “Intranet”. Add a RANGE of addresses to it; 192.168.1.1 - 192.168.1.255 (ie. your internal IP range)
Create Network Zone “Internet”. Add a RANGE of addresses to it; 192.168.1.1 - 192.168.1.255. (again, your internal IP range, same as before). Tick the Exclude box for this Zone.
Set a password in the Parental Controls section of CIS and that’s the web locked down for that PC. Simple (now I’ve figured it out; it took a while to make the mental leap…)
I would like to Prevent access to the Internet but allow Intranet (to give it a try).
I have followed this guide, but I am behind a router and it brings some confusion.
My network is as follow (it is temporary down - but one single current working machine and a router)
192.0.0.1 - Router
192.0.0.2 - 192.0.0.4 - 3 PC & 1 print server
I created 2 Zones in my Network Zone and Use the stealth port wizard to have this 2 zones in the Global rules:
Network Zone Intranet: Range 192.0.0.1 - 192.0.0.4
Network Zone Internet: Range 192.0.0.1 - 192.0.0.4 (exclude)
It fails (I can still connect the internet) since the router 192.0.0.1 is include in both Zones
Q1. What is the correct IP range: The IP addresses of the PC’s, router excluded?
Q2. If the router IP is excluded in the Zone ranges, how can communication occurs between the PC’s? Isn’t the router is the central point to manage the LAN/WAN sides.
Edit: changing the Zone IP to 192.0.0.2 - 192.0.0.4 failed too. There is something I don’t do right or don’t understand. I have a remark though: When a user’s post figures in the Guide section, I would expect a Mood to edit it, including the different steps, so that anyone at any level could reproduce and experience by himself. I would not have such demand if it was a tip in the help thread. Thanks.
I’m looking at an installation of v2.8 here; in Security there are tabs for Tasks and Network Monitor; you need to set these zones up in Tasks then allow/block in Network Monitor.
To test this with 3.9, what I did was create a global firewall rule,
Block IP Out Source (the IP of this machine) Destination Exclude Zone [Home] Protocol Any.
Place this Block rule as the first block rule in the list.
Enable Password Protection with Parental Control.
This effectively blocked all access to the Internet.
Now, when I installed CIS, I said the network zone it found (192.168.xxx.xxx, I am behind a router) was accessible to anyone in this network [Home]. This action created two rules,
Allow All Incoming requests if the Target is in [Home]
Allow All Outgoing requests if the Target is in [Home]
The end result is local network access, but NO Internet access.
Note this is machine specific, but since each machine is assigned a unique IP in your network (and this IP can be set as permanent), it effectively controls what machines have access to the Internet.