Author Topic: Stopping a PC accessing the Internet ?  (Read 13124 times)

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Stopping a PC accessing the Internet ?
« on: December 03, 2016, 07:09:50 AM »
I have a PC running Windows 7 driving my plasma cutter table. At the moment it is 'stand alone' ie NOT on my local network as I don't want external interference from the likes of Microsoft poking up dates at it. However I DO want to communicate with it from other PCs on my local network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch height controller, it is set up currently as 192.168.10.154 so is on a different 'sub net' from the rest of my local network which is 192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the 192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Any help appreciated
Andrew Mawson
East Sussex

Offline Pete.

  • Hero Member
  • *****
  • Posts: 1075
  • Country: gb
Re: Stopping a PC accessing the Internet ?
« Reply #1 on: December 03, 2016, 07:29:48 AM »
I'm sure you can't run one (standard) adpater on two separate subnets but you can block access to the internet from it in your router.

You used to be able to only bind a non-routable protocol like netbeui to the adapter which will only communicate on the local network but I don't know if that is an option nowadays. I'm sure it must be somehow, or something similar.

Offline David Jupp

  • Sr. Member
  • ****
  • Posts: 308
  • Country: gb
  • Teesside - UK
Re: Stopping a PC accessing the Internet ?
« Reply #2 on: December 03, 2016, 09:43:51 AM »
One option would be to add an extra Ethernet port to the PC (internal card or USB/Ethernet adaptor)  each can be on separate sub-net.

As long as http isn't used for comms between units that need to talk, then maybe consider using the PC firewall settings to block this (and any other ports Microsoft might use for updates).

As already mentioned - you may well be able to set the router to isolate certain machines from the internet.

Offline sparky961

  • Hero Member
  • *****
  • Posts: 844
  • Country: ca
Re: Stopping a PC accessing the Internet ?
« Reply #3 on: December 03, 2016, 09:55:33 AM »
I'm sure I accomplished this using the "hosts" file, but do you think I can find a good example now? Of course not.

I suspect I redirected all domains I could think of (.com, .net, .uk, .biz, etc) to the local loopback interface. This doesn't stop direct IP requests, just causes domain name lookups to fail.

If you're interested in this method there are enough keywords  above to get you started Googling on your own.

Offline woodguy

  • Jr. Member
  • **
  • Posts: 36
Re: Stopping a PC accessing the Internet ?
« Reply #4 on: December 03, 2016, 10:52:59 AM »
I do it using wireless for local net connections. Just stuck in a wireless usb adapter and done.

Offline PK

  • Sr. Member
  • ****
  • Posts: 369
  • Country: au
Re: Stopping a PC accessing the Internet ?
« Reply #5 on: December 04, 2016, 03:30:40 AM »
Just set the default gateway to something that isn't a gateway and make sure the routing and remote access service is disabled.

You may or may not want to disable DNS using the same approach, but this could cause some latency as requests time out..

Offline stvy

  • Jr. Member
  • **
  • Posts: 30
Re: Stopping a PC accessing the Internet ?
« Reply #6 on: December 05, 2016, 12:43:29 PM »
For the pc you don't want on the internet simply omit the gateway field of the network settings.

The IP address and the subnet mask define the loca network and this if you use the same network settings for all your pc's means they will all talk locally across that network. A gateway is only needed to get off your local network.

You may however find that some of your windows services and programs do not like being unable to connect to internet resources. I have seen windows update amongst others use almost 100% of a CPU core alone when the machine has no access to the internet. Effectively it consumes a whole CPU core whilst it works out to give up and unfrotuantely it tries again soon after. A multi core CPU gets around this.

Steve

Offline Pete.

  • Hero Member
  • *****
  • Posts: 1075
  • Country: gb
Re: Stopping a PC accessing the Internet ?
« Reply #7 on: December 05, 2016, 02:55:21 PM »
Could you avoid that by assigning 127.0.0.1 as the gateway or will it be too clever?

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #8 on: December 05, 2016, 03:11:26 PM »
mysteriously, munging the gateway address still allowed the pc to connect to the interweb - I even deleted it with the same result.

admittedly I didn't do any 'release all' 'renew all' type commands so perhaps the gateway address persists until the lease expire  :scratch:
Andrew Mawson
East Sussex

Offline David Jupp

  • Sr. Member
  • ****
  • Posts: 308
  • Country: gb
  • Teesside - UK
Re: Stopping a PC accessing the Internet ?
« Reply #9 on: December 06, 2016, 02:52:51 AM »
To force changes to Ethernet adaptor settings to take effect, I usually disable the adaptor then re-enable.  There may be more subtle methods, but this is easy to remember.

Offline NeoTech

  • Hero Member
  • *****
  • Posts: 826
  • Country: se
    • Roughedge Hobbyworks
Re: Stopping a PC accessing the Internet ?
« Reply #10 on: December 06, 2016, 02:56:15 AM »
Easiest way of having the ethernet controller not bleeding into your routed network is to run it in its own network.

192.168.1. is the common routed network. But the uncommon one that is open for use is 10.10.10.  and if it sits in a completely different network with a 255.255.255.0 netmask and a 10 series broadcast adress it will not bleed into your other network.
Machinery: Optimum D320x920, Optimum BF20L, Aciera F3. -- I have not failed. I've just found 10,000 ways that won't work. http://www.roughedge.se/blogg/

Offline hanermo

  • Full Member
  • ***
  • Posts: 103
Re: Stopping a PC accessing the Internet ?
« Reply #11 on: December 08, 2016, 11:27:09 AM »
Stve post # 14 has the answer.

If You donīt have a gateway defined, the PC will not be able to access the internet.
Just leave it blank.

Also, you can be on many subnets at the same time.
Your CNC machine can be on say 10.10.1.0 - network address, and your PCs on another.

If your primary IP address is on the non-internet connected one, even the more clever programs wont be able to use it.

Do this:
/cp/network/properties/add ip address
e.g. 192.168.1.254 as a secondary ip to your plasma PC.
It will then see network shares, and can share files, but wont be able to access the internet.
The solution is perfectly safe.

Some rare mac-based stuff like auto-finding printers/pokeys autoconfig/csmio-ip-s autoconfig did not work, in the past, with 2 ip addresses.
I donīt know if they have fixed these bugs.


Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #12 on: December 08, 2016, 11:54:00 AM »
There isn't a post #14  yet - do you mean post #6 :scratch:

Yes but see post #8 above  :scratch:

BTW my actual gateway / router is 192.168.1.254 so probably not a good idea to add it it to the Plasma PC - but I assume you mean an address in the 192.168.1.XXX rather than that specific one ?

Can't do much testing at the moment as the specific PC is being mechanically embodied in the plasma table at the moment.
Andrew Mawson
East Sussex

Offline stvy

  • Jr. Member
  • **
  • Posts: 30
Re: Stopping a PC accessing the Internet ?
« Reply #13 on: December 08, 2016, 06:43:25 PM »
Andrew,

If your PC still got off of its local network and out on to the internet then it must have still had the gateway set. No question. If you take out the gateway and have that applied it cannot get out.

If you are getting your IP via a DHCP server then you are going to constantly get a gateway after every renewal if that is specified within the scope of the DHCP servers configuration. One way around this is to set this PC up with a static. If it is always connected and on there is no risk that the DHCP server will issue that same address out to another DHCP client. A correctly implemented DHCP client and server protocol involves the server first checking if an IP is free before issuing it.

You can be sure if a gateway is configured in windows using the command (run the "cmd" program) and type:

# route PRINT

if you have a gateway in place this will list it.

You can double check the running settings of the network with

# ipconfig /all

and you can see the entries.


If you do have some software that still finds its way on to the internet then this software is not written following the standards. Some software will discover a gateway by trying every valid address on a network until it succeeds and cache it. If you have something doing things like that then uninstall it from a PC that is dedicated to this type of work as you can not guarantee any behaviour with it.


Pete,

127.0.0.1 is a special IP address. It means the localhost. You should not put that as the gateway. Best practice is if you don't want a gateway set don't set one. Having an empty field is perfectly acceptable.






Regards,
Steve
 

Offline Pete.

  • Hero Member
  • *****
  • Posts: 1075
  • Country: gb
Re: Stopping a PC accessing the Internet ?
« Reply #14 on: December 09, 2016, 01:18:26 AM »
Pete,

127.0.0.1 is a special IP address. It means the localhost. You should not put that as the gateway. Best practice is if you don't want a gateway set don't set one. Having an empty field is perfectly acceptable.

Regards,
Steve
 

I think you might have to disable upnp or something to stop the gateway being discovered if the field is left blank.

Offline stvy

  • Jr. Member
  • **
  • Posts: 30
Re: Stopping a PC accessing the Internet ?
« Reply #15 on: December 09, 2016, 12:49:57 PM »
Pete,

If the software is written according to the standards it will not auto discover. The windows and linux network implementations do not auto discover gateways. The nearest you get is a DHCP server telling a DHCP client.

Regards,
Steve

Offline Bee

  • Jr. Member
  • **
  • Posts: 41
  • Country: gb
Re: Stopping a PC accessing the Internet ?
« Reply #16 on: December 11, 2016, 05:30:55 PM »
Which actual router do you have? are you with Virgin, BT, or some other ISP. Either way the answer is in the child safety or parental control set up. You can put restrictions in the outside access on routers to stop children getting 'out' while still allowing them to get to the local music and picture server. Look at the 'filters' section used for port forwarding which normally has controls based on the PC MAC address.

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #17 on: December 11, 2016, 06:03:53 PM »
It's a BT Home Hub and it has the parental controls, but the hardware on the (Russian) torch height controller is forcing it to use 192.168.10.xxx whereas my network is the conventional 192.168.1.xxx

As previously mentioned, I can't experiment until this PC gets finally fixed into the Plasma Table, which won't happen for a week or two, BUT I have got myself a USB - WiFi dongle that hopefully will let this PC exist on both subnets, then I can use the parental control trick perhaps.
Andrew Mawson
East Sussex

Offline mfletch

  • Jr. Member
  • **
  • Posts: 86
  • Country: gb
Re: Stopping a PC accessing the Internet ?
« Reply #18 on: December 12, 2016, 04:05:44 AM »
first you can just turn off windows updates second use windows firewall to stop Internet explore excessing the Internet

Offline NeoTech

  • Hero Member
  • *****
  • Posts: 826
  • Country: se
    • Roughedge Hobbyworks
Re: Stopping a PC accessing the Internet ?
« Reply #19 on: December 13, 2016, 07:51:29 AM »
It's a BT Home Hub and it has the parental controls, but the hardware on the (Russian) torch height controller is forcing it to use 192.168.10.xxx whereas my network is the conventional 192.168.1.xxx

As previously mentioned, I can't experiment until this PC gets finally fixed into the Plasma Table, which won't happen for a week or two, BUT I have got myself a USB - WiFi dongle that hopefully will let this PC exist on both subnets, then I can use the parental control trick perhaps.

Adjust your netmask so it exlude the 10 network then. Not letting the 10 network to slip out.. its what netmasks are for. Telling what parts of the networks is accessible.
Properly configured network and it should not let it self roam your network. usually commercial routers and such is really loosely configured for ease of use but can be restricted.

Most obvious would be to tell the DHCP not to give those networks gateway adresses. Or just not use DHCP in those parts of the network and restrict netmask so it will not broadcast wide in the  C network (A.B.C.D - is the usual definition of a network).
Machinery: Optimum D320x920, Optimum BF20L, Aciera F3. -- I have not failed. I've just found 10,000 ways that won't work. http://www.roughedge.se/blogg/

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #20 on: December 13, 2016, 08:01:52 AM »
Thank you all for the various suggestions - however

I think several of the more recent contributors have perhaps not taken in the actual need - I want to access this machine from my 192.168.1.xxx network yet prevent it accessing the net AND still have 192.168.10.xxx connectivity for the 'Purelogic' ethernet break out board and torch height controller that are the "raison d'etre" of the PC.

...I think, (but have yet to be able to test) - adding USB WiFi link to the 192.168.1.xxx network with suitable constraints 'should' do it  :scratch:
Andrew Mawson
East Sussex

Offline DMIOM

  • Hero Member
  • *****
  • Posts: 676
  • Country: gb
  • Isle of Man
Re: Stopping a PC accessing the Internet ?
« Reply #21 on: December 13, 2016, 08:19:24 AM »
Andrew, just one query - EMC?  I was a little worried when the PC was mounted in the fresh air and I wondered if, as its not in a complete Faraday cage, it might suffer with interference from the plasma discharge?  I'd be concerned about the implications of a USB WiFi dongle or similar (i) for the interference to the link, although I guess less important if its only used for downloading DXFs etc. prior to cutting; (ii) if the USB device/cable will provide a route for interference to get back into the PC, as the PC's +5v rail is used to supply +5v to connected USB devices and the cable might act like a receiving antenna.

Dave

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #22 on: December 13, 2016, 08:38:07 AM »
Dave,

The Compac USSF has a well shielded case and every thing hanging off it uses screened cable. I think it'll be ok but time will tell ...... :scratch:
Andrew Mawson
East Sussex

Offline PK

  • Sr. Member
  • ****
  • Posts: 369
  • Country: au
Re: Stopping a PC accessing the Internet ?
« Reply #23 on: December 13, 2016, 04:06:15 PM »
Thank you all for the various suggestions - however

I think several of the more recent contributors have perhaps not taken in the actual need - I want to access this machine from my 192.168.1.xxx network yet prevent it accessing the net AND still have 192.168.10.xxx connectivity for the 'Purelogic' ethernet break out board and torch height controller that are the "raison d'etre" of the PC.

...I think, (but have yet to be able to test) - adding USB WiFi link to the 192.168.1.xxx network with suitable constraints 'should' do it  :scratch:

Could you not just set the net mask to 255.255.240.0 ?
That would make 192.168.1.xxx and 192.168.10.xxx the same network.

PK

Offline awemawson

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8966
  • Country: gb
  • East Sussex, UK
Re: Stopping a PC accessing the Internet ?
« Reply #24 on: December 13, 2016, 04:34:07 PM »
Don't know PK - I'll try that when it's back together - thanks for the suggestion  :thumbup:
Andrew Mawson
East Sussex