Security and Mac filter

  mjf123 10:07 09 May 2007
Locked

We have ten computers all linked together with a switch/hub, we are about to connect the switch to a adsl router for broadband. We only actually want two of the computers to have internet access and I have been told to buy a router with a "mac filter" to block out the other eight. Could any body suggest a non wireless router that has "mac filtering" please.

Thanks.

  Danoh 12:03 09 May 2007

You will find it easier to source a wireless router and just turn the wireless function off.
As there are a lot more of these sold (& mass produced), their prices could be cheaper then non-wireless routers available.

I have a Belkin wireless router whose MAC address filtering also works for ethernet cable connections and wireless. But a Netgear wireless router (DG834g v3) I'd bought and installed for a friend over the bank holiday weekend, has MAC address filtering for wireless connections only it seems.

  mjf123 17:10 09 May 2007

Danoh

I already have a DG834g but I have an original Ver 1 that does not filter mac addresses on ethernet either. I tried emailing Netgear and got a useless auto reply telling me to look at their support pages, that was the first thing I had already done. Could you tell which model of Belkin you have please?

  Danoh 17:31 09 May 2007

Belkin F5D8230-4 Pre-N but its not sold anymore, being superseded by newer models.
Perhaps others with newer Belkin or other manufacturers routers could vouch if theirs has MAC address filtering on the 4 Ethernet ports as well.

  irishrapter 18:28 09 May 2007

Well I know that in most Netgear routers you can set the router to assign static IP addresses based on the computers MAC address.
So in your case you could assign eight of the computers a range of IP addresses, as an example with the Netgear it could go 192 . 168 . 0 . 10 up to 192 . 168 . 0 .17.
Then with the two computers you want to allow internet access you could assign any other IP addresses you want really, but for this example say we assign 192 . 168 . 0 . 2 and 192 . 168 .0 .3.

Then in the routers firewall settings you can block the eight computers in the first range from getting access to the internet and leave the other two with full access.

  setecio 20:25 09 May 2007

I have read that MAC spoofing is quite easy, so this wouldn't be a very secure way of blocking internet access.

The secure way would be to buy 2 more NICs and connect the 2 computers to the adsl broadband router on a different subnet.

  Abra {tag28} 01:50 10 May 2007

The simple way would be to block port 80 from being forwarded to the other 8 machines by using static ips, which can be set so the router will automatically assign an IP to a specific computer.

This will retain the networking functionality, but block the internet.

Or you could use Group Policies on the other machines, give the users an account, and restrict internet access / internet explorer access on those pcs.

  mjf123 10:45 10 May 2007

There are some great answers here thanks, my real problem is we have ten computers and a Microsoft Small Business Server. The boss has bought a very expensive bespoke software package, but it only works if all the users are logged on as "Administrators"! Now I know that is wrong but just try and tell my boss that, he won't have it, so I cannot deny access to the net using profiles. I thought to use two nic cards in the two PC's but was told it would be easier to change routers and do mac filtering.

If I use two cards can anybody explain exactly what to do please? I believe it might involve "bridging" which I have no experience of.

Thanks for everybodys input so far.

  setecio 11:50 10 May 2007

I would have thought that you keep the 2 networks seperate rather than bridge them. The situation being that only the 2 computers have access to the 'internet' network, while the others remain on the LAN network.

Bridging them would, as it implies join them and allow everyone access to the internet, and defeat the purpose.

  Abra {tag28} 12:12 10 May 2007

"There are some great answers here thanks, my real problem is we have ten computers and a Microsoft Small Business Server. The boss has bought a very expensive bespoke software package, but it only works if all the users are logged on as "Administrators"! Now I know that is wrong but just try and tell my boss that, he won't have it, so I cannot deny access to the net using profiles. I thought to use two nic cards in the two PC's but was told it would be easier to change routers and do mac filtering."

The simple solution then would be to assign static ips to all the machines, block port 80 on the non-internet machines. That way they should also be able to update any antivirus / windows updates in the background, but lose the ability to display webpages.

  mjf123 13:00 10 May 2007

Thank you All.

Abra, I've tried your suggestion and blocking port 80 has done the trick.

thanks all for helping.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

30 UK artists have created vibrant posters celebrating Pride London

iPad Pro 10.5in (2017) review

Comment connecter un MacBook à une TV ?