Blocking a LAN ip from internet access/

Page 1 of 2 12 LastLast

  1. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
       New #1

    Blocking a LAN ip from internet access/


    Hi all, I'm venturing into networking for the first time as I bought a Synology DS1813+ to manage backups/file storage, etc. This is my configuration:
    - A Cisco ADSL Modem, connected to...
    - A TP-LINK TL-R600VPN Gigabit Broadband VPN Router, connected to...
    - TRENDnet 8-Port Unmanaged Gigabit GREENnet Standard Switch (8 x 10/100/1000Mbps) Model: TEG-S80G

    The switch is connected to two devices:

    - My PC's Intel LAN Gigabit Port (it also has another Realtek unused Gigabit LAN port) and Synology DS1813+ NAS.

    Using auto configuration everything is working fine. However, I plan to assign a fixed IP address for both my PC and the NAS.

    What would be the most secure way of manually blocking the NAS from incoming/outgoing internet access? I know how to enter the router's interface, but have no idea how to block the NAS.
    If I instead connect the NAS to the PC using its Realtek LAN port (the unused one), would that isolate the NAS from the internet?

    Thanks
      My Computer
    Quote Quote

  3. tomerello
    Posts : 73
    Windows 7 Professional 64bit
       New #2

    I have never used this NAS before but if you don't assign the device a standard gateway would it not be able to connect to the big mysterious internet.
      My Computer
    Quote Quote

  4. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #3

    Personally, I would set a static IP address to the NAS and then apply and access control list on the router. To do so please follow your routers manual below (Page 38 onwards). This should allow clients connected directly to the router access to the NAS however you may find that only hosts connected to the switch will have access.

    http://www.tp-link.com/Resources/doc...User_Guide.pdf

    Remember to set the static IP address stack outside your DHCP scope otherwise you may encounter IP address conflicts (Page 26 to find ranges)

    EDIT: @Tomerello, sure would but could have complications with VPN since the router is the middle man.

    Both viable options though.

    Hope This Helps,
    Josh :)
    Last edited by Shadowjk; 26 Aug 2013 at 16:04. Reason: Added Comment
      My Computer
    Quote Quote

  6. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #4

    Thanks tomerello and Josh for your answers.
    Josh, I will research those router manual pages to follow your suggested path and will update this post.
    What about the other option I mentioned? I mean, if I disconnect the NAS from the switch and instead connect it directly to the other PC's unused LAN port (Realtek). Would that guarantee the NAS being isolated from the internet?
      My Computer
    Quote Quote

  7. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #5

    Yes it would stop the NAS accessing the internet but it would also stop anyone else but the machine connected to it being able to access since the NAS will have to be on a different subnet.

    Josh :)
      My Computer
    Quote Quote

  8. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #6

    Shadowjk said:
    Yes it would stop the NAS accessing the internet but it would also stop anyone else but the machine connected to it being able to access since the NAS will have to be on a different subnet.

    Josh :)
    The Subnet Mask currently used by the LAN's router is 255.255.255.0 . If, as mentioned earlier, I try a direct NAS to PC connection (to the unused Realtek LAN port) overriding the switch, what Subnet Mask should I use when configuring such direct connection? I guess it should be a number different from 255.255.255.0 as that is the one used by the router?

    Also, if I set a static IP for both the NAS and PC, can I connect them via the Switch alone without the router? The only benefit over the direct LAN-PC connection would be the possibility of adding more devices to the internet-less LAN?
    Last edited by antares; 28 Aug 2013 at 10:25.
      My Computer
    Quote Quote

  10. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #7

    If, as mentioned earlier, I try a direct NAS to PC connection (to the unused Realtek LAN port) overriding the switch, what Subnet Mask should I use when configuring such direct connection? I guess it should be a number different from 255.255.255.0 as that is the one used by the router?
    The subnet mask can be the same if you wish and for easy configuration I would keep it the same for the Realtek port. When I mean a different subnet I mean a slightly different IP address. For example your IP address for the network card connected to the switch could be '192.168.1.X'. The penultimate number/octet represents the network based on the subnet mask. Therefore for the realtek port that would connect to the NAS you would have an IP address of something like '192.168.2.X' Since 2 is different than 1. By doing so you have created a new network. Keep the subnet mask the same 255.255.255.0 for all LAN cards when setting up static IP addresses and the default gateway is the IP address of your router. For the realtek port you won't have a router therefore you can leave that blank. When setting a static IP address for your network card that is connected to the switch make sure that the DNS servers are set to the same IP address as your default gateway.

    Also, if I set a static IP for both the NAS and PC, can I connect them via the Switch alone without the router?
    Yes, For example if your PC has an IP address of 192.168.1.10 and your router has an IP address of 192.168.1.1, you can just simply set a static IP address on your NAS by changing the last octet/set of numbers. For example you could set the IP address for the NAS as 192.168.1.50 with a subnet mask of 255.255.255.0. By doing so, whenever you wish to connect to your NAS you can do so without going through your router .

    The only benefit over the direct LAN-PC connection would be the possibility of adding more devices to the internet-less LAN?
    That would be correct but the major disadvantage or advantage depending on how you look at it, is that only the PC directly connected would have access to the NAS. Any other machine connected to the switch or wireless network would not have access to the NAS.

    Hopefully this answers some of your questions,
    Josh :)
      My Computer
    Quote Quote

  11. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #8

    Hi Shadow again, you seem to be a knowledgeable networking guy, can you recommend a book in TCP/IP networking for newbies like me? Thanks
      My Computer
    Quote Quote

  12. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #9

    antares said:
    Hi Shadow again, you seem to be a knowledgeable networking guy, can you recommend a book in TCP/IP networking for newbies like me? Thanks
    It depends really what sort of area in networking you want to look into. For example I'm better with network infrastructure than with file sharing and homegroups. As for a book, I don't know one that I could recommend unfortunately I did however find a microsoft page on TCP/IP which you may wish to look into. It does get quite complex with binary but overall it tells you the fundamentals of IPv4 :)

    http://support.microsoft.com/kb/164015

    Hope this helps,
    Josh :)
      My Computer
    Quote Quote

  13. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #10

    Thanks Josh, nice link. This is considered to be a classic for TCP/IP, even though it's quite old, but still relevant. Regards.
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Hi. My younger brother keeps scamming his way to gaining access to his laptop and then goes on to play online games, when he's got the PC for completing his projects. How can I block router/internet access to that specific program without affecting his average browsing capabilities? I would...
Hi Just uninstalled a pirated Norton 360 from my girlfriend's computer (Installed by an ex), then after restarting the laptop I couldn't connect to the internet. Ran diagnostics and turned up sayin firewall settings are blocking incoming connections. Switched off firewall restarted laptop stll...
The computer is new. I added a second HDD (G:) from my old computer. Windows Explorer sees G:, lists its files, but when I try to call up a file, it says I have no access. This in spite of my administrative rating. I have tried to change the security configuration on G:, but then it starts...
I have just set up a new system running Windows 7 Professional 64 bit. For some reason I cannot access certain sites in any browser (IE, Firefox or Safari (Haven't tried Chrome yet)). Example sites that are blocked may be redirects such as those starting with Email Marketing Software & Email...
Several months ago I posted about some software that allows me to centrally manage pushing patches to my home computer network, which is 2xXP and 9xWindows 7. I never did find any software that could accomplish the task, at least non-corporate software that didn't cost more than my car. So, I'm...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:42.
Find Us