Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Blocking a LAN ip from internet access/


26 Aug 2013   #1

Windows XP Professional SP3/Windows 7 Ultimate x64
 
 
Blocking a LAN ip from internet access/

Hi all, I'm venturing into networking for the first time as I bought a Synology DS1813+ to manage backups/file storage, etc. This is my configuration:
- A Cisco ADSL Modem, connected to...
- A TP-LINK TL-R600VPN Gigabit Broadband VPN Router, connected to...
- TRENDnet 8-Port Unmanaged Gigabit GREENnet Standard Switch (8 x 10/100/1000Mbps) Model: TEG-S80G

The switch is connected to two devices:

- My PC's Intel LAN Gigabit Port (it also has another Realtek unused Gigabit LAN port) and Synology DS1813+ NAS.

Using auto configuration everything is working fine. However, I plan to assign a fixed IP address for both my PC and the NAS.

What would be the most secure way of manually blocking the NAS from incoming/outgoing internet access? I know how to enter the router's interface, but have no idea how to block the NAS.
If I instead connect the NAS to the PC using its Realtek LAN port (the unused one), would that isolate the NAS from the internet?

Thanks

My System SpecsSystem Spec
.

26 Aug 2013   #2

Windows 7 Professional 64bit
 
 

I have never used this NAS before but if you don't assign the device a standard gateway would it not be able to connect to the big mysterious internet.
My System SpecsSystem Spec
26 Aug 2013   #3

Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
 
 

Personally, I would set a static IP address to the NAS and then apply and access control list on the router. To do so please follow your routers manual below (Page 38 onwards). This should allow clients connected directly to the router access to the NAS however you may find that only hosts connected to the switch will have access.

http://www.tp-link.com/Resources/doc...User_Guide.pdf

Remember to set the static IP address stack outside your DHCP scope otherwise you may encounter IP address conflicts (Page 26 to find ranges)

EDIT: @Tomerello, sure would but could have complications with VPN since the router is the middle man.

Both viable options though.

Hope This Helps,
Josh
My System SpecsSystem Spec
.


26 Aug 2013   #4

Windows XP Professional SP3/Windows 7 Ultimate x64
 
 

Thanks tomerello and Josh for your answers.
Josh, I will research those router manual pages to follow your suggested path and will update this post.
What about the other option I mentioned? I mean, if I disconnect the NAS from the switch and instead connect it directly to the other PC's unused LAN port (Realtek). Would that guarantee the NAS being isolated from the internet?
My System SpecsSystem Spec
27 Aug 2013   #5

Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
 
 

Yes it would stop the NAS accessing the internet but it would also stop anyone else but the machine connected to it being able to access since the NAS will have to be on a different subnet.

Josh
My System SpecsSystem Spec
28 Aug 2013   #6

Windows XP Professional SP3/Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Shadowjk View Post
Yes it would stop the NAS accessing the internet but it would also stop anyone else but the machine connected to it being able to access since the NAS will have to be on a different subnet.

Josh
The Subnet Mask currently used by the LAN's router is 255.255.255.0 . If, as mentioned earlier, I try a direct NAS to PC connection (to the unused Realtek LAN port) overriding the switch, what Subnet Mask should I use when configuring such direct connection? I guess it should be a number different from 255.255.255.0 as that is the one used by the router?

Also, if I set a static IP for both the NAS and PC, can I connect them via the Switch alone without the router? The only benefit over the direct LAN-PC connection would be the possibility of adding more devices to the internet-less LAN?
My System SpecsSystem Spec
28 Aug 2013   #7

Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
 
 

Quote:
If, as mentioned earlier, I try a direct NAS to PC connection (to the unused Realtek LAN port) overriding the switch, what Subnet Mask should I use when configuring such direct connection? I guess it should be a number different from 255.255.255.0 as that is the one used by the router?
The subnet mask can be the same if you wish and for easy configuration I would keep it the same for the Realtek port. When I mean a different subnet I mean a slightly different IP address. For example your IP address for the network card connected to the switch could be '192.168.1.X'. The penultimate number/octet represents the network based on the subnet mask. Therefore for the realtek port that would connect to the NAS you would have an IP address of something like '192.168.2.X' Since 2 is different than 1. By doing so you have created a new network. Keep the subnet mask the same 255.255.255.0 for all LAN cards when setting up static IP addresses and the default gateway is the IP address of your router. For the realtek port you won't have a router therefore you can leave that blank. When setting a static IP address for your network card that is connected to the switch make sure that the DNS servers are set to the same IP address as your default gateway.

Quote:
Also, if I set a static IP for both the NAS and PC, can I connect them via the Switch alone without the router?
Yes, For example if your PC has an IP address of 192.168.1.10 and your router has an IP address of 192.168.1.1, you can just simply set a static IP address on your NAS by changing the last octet/set of numbers. For example you could set the IP address for the NAS as 192.168.1.50 with a subnet mask of 255.255.255.0. By doing so, whenever you wish to connect to your NAS you can do so without going through your router .

Quote:
The only benefit over the direct LAN-PC connection would be the possibility of adding more devices to the internet-less LAN?
That would be correct but the major disadvantage or advantage depending on how you look at it, is that only the PC directly connected would have access to the NAS. Any other machine connected to the switch or wireless network would not have access to the NAS.

Hopefully this answers some of your questions,
Josh
My System SpecsSystem Spec
19 Sep 2013   #8

Windows XP Professional SP3/Windows 7 Ultimate x64
 
 

Hi Shadow again, you seem to be a knowledgeable networking guy, can you recommend a book in TCP/IP networking for newbies like me? Thanks
My System SpecsSystem Spec
19 Sep 2013   #9

Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
 
 

Quote   Quote: Originally Posted by antares View Post
Hi Shadow again, you seem to be a knowledgeable networking guy, can you recommend a book in TCP/IP networking for newbies like me? Thanks
It depends really what sort of area in networking you want to look into. For example I'm better with network infrastructure than with file sharing and homegroups. As for a book, I don't know one that I could recommend unfortunately I did however find a microsoft page on TCP/IP which you may wish to look into. It does get quite complex with binary but overall it tells you the fundamentals of IPv4

http://support.microsoft.com/kb/164015

Hope this helps,
Josh
My System SpecsSystem Spec
19 Sep 2013   #10

Windows XP Professional SP3/Windows 7 Ultimate x64
 
 

Thanks Josh, nice link. This is considered to be a classic for TCP/IP, even though it's quite old, but still relevant. Regards.
My System SpecsSystem Spec
Reply

 Blocking a LAN ip from internet access/




Thread Tools



Similar help and support threads for2: Blocking a LAN ip from internet access/
Thread Forum
Solved Installed second HDD but Windows is blocking access Hardware & Devices
User Profile Blocking Access to a certain website Browsers & Mail
Browsers blocking site access Browsers & Mail
Windows 7 blocking ftp access Network & Sharing
user account blocking network access Network & Sharing
Blocking INternet access if patches not applied System Security
Bogus users blocking folder access General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:13 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33