Re: Prevent acces to internet via Server?


TimStannard
Member
#318068

Re: Prevent acces to internet via Server?

The site has two groups of people – Office staff who are on PCs forming part of the domain – a simple standard SBS install with two NICs in the server. I have another group of users who do NOT log onto the domain – they form their own workgroup and do NOT have access to data on the server but are on the same subnet so that they can access the internet (by specifying the server as the Gateway).

I want to be able to limit internet access for the members of the workgroup to certain times/sites and I plan to install SmoothWall Express and Censornet as the proxy/firewall combination.

The server will access the internet via the proxy/firewall, PCs on the domain will access the internet via the proxy/firewall and the workgroup PCs will access the internet through the proxy/firewall.

I can set this all up and have a similar setup (though all workstations access the internet directly via the proxy) elsewhere with Server 2003 (not SBS)

My problem in my current situation is that all the workgroup members need to do to bypass the effect of the proxy/firewall is to set their gateway IP to the NIC of the server as the server will then route those requests to the internet. This is what I want to prevent.

I do not want to do this with ISA as I already have all the tools I need and do not see any point in spending out on an upgrade and extra CALs (as well as OS upgrades in some instances)

All I’m trying to do with regards to SBS is REMOVE some of the functionality. I just can’t figure out what I need to switch off.