External Email =YES Internet = NO

Most of my experience is with Win98 clients so your mileage may vary. Can't
you just remove the gateway and dns address from the browser? We use IE and
Outlook for internet browsing and mail. All of my clients have email, many
of them do not have internet access.

I think on Win2000 different users (on the same machine) may or may not have
access to the net this way. If you block the MAC address, you block every
user on that machine.

I'm responding as much for my own education as I am proposing a solution.
Please shoot away.

Mitchell Kirby
V. P. Manufacturing
Riten Industries, Inc.

740-333-8719 Direct
800-338-0027 Sales
800-338-0717 FAX


-----Original Message-----
From: Michael Barry [mailto:mbarry@...]
Sent: Wednesday, October 02, 2002 6:27 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] External Email =YES Internet = NO


You can close ports 80,443,20,21 & 23 at the firewall to block http, https,
ftp and telnet traffic.

Michael

Michael Barry
Aspacia Systems Inc
866.566.9600
312.803.0730 fax
http://www.aspacia.com/


-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Wednesday, October 02, 2002 2:38 PM
To: vantage@yahoogroups.com
Subject: [Vantage] External Email =YES Internet = NO


Is there anyway that I can let a user have external email from my ISP
Then turn around and block them from accessing the internet

Background
SERVER's = NT4
FIREWALL = Sonic Wall Pro 200
CLIENTS = Mix Mostly 2000 - A couple NT4 WS - A handful of WIN 98
boxes

Group policies?
Can this be done?

Thanks gang

J.P. Piper
Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: admin@...





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/




Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Is there anyway that I can let a user have external email from my ISP
Then turn around and block them from accessing the internet

Background
SERVER's = NT4
FIREWALL = Sonic Wall Pro 200
CLIENTS = Mix Mostly 2000 - A couple NT4 WS - A handful of WIN 98
boxes

Group policies?
Can this be done?

Thanks gang

J.P. Piper
Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: admin@...
You certainly should be able to. I don't know how to configure a "sonic
Wall Pro 2000", but each service (ie POP, SMTP, HTTP) has a unique TCP port.
You can obtain the MAC address from the LAN card and only allow packets to
pass through your firewall from that MAC that have a source or destination
port for the POP/SMTP protocol. You could do it on the clients IP address
rather than MAC address if you have static IPs or make a reservation for
their IP address so it doesn't change.

The best approach is to block everything by default and only allow in what
you know you need. You need to cater for packets going to the ISP and
packets coming from the IPS to the client. The POP protocol uses port 110,
you would also need SMTP (port 25).

So the filter would be something like

MAC=A Destination_Port=110 Allow
MAC=A Destination_Port=25 Allow
MAC=A Source_Port=110 Allow
MAC=A Source_Port=25 Allow
MAC=A Deny
-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Thursday, 3 October 2002 7:38 AM
To: vantage@yahoogroups.com
Subject: [Vantage] External Email =YES Internet = NO


Is there anyway that I can let a user have external email from my ISP
Then turn around and block them from accessing the internet

Background
SERVER's = NT4
FIREWALL = Sonic Wall Pro 200
CLIENTS = Mix Mostly 2000 - A couple NT4 WS - A handful of WIN 98
boxes

Group policies?
Can this be done?

Thanks gang

J.P. Piper
Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: admin@...





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
You can close ports 80,443,20,21 & 23 at the firewall to block http, https,
ftp and telnet traffic.

Michael

Michael Barry
Aspacia Systems Inc
866.566.9600
312.803.0730 fax
http://www.aspacia.com/


-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Wednesday, October 02, 2002 2:38 PM
To: vantage@yahoogroups.com
Subject: [Vantage] External Email =YES Internet = NO


Is there anyway that I can let a user have external email from my ISP
Then turn around and block them from accessing the internet

Background
SERVER's = NT4
FIREWALL = Sonic Wall Pro 200
CLIENTS = Mix Mostly 2000 - A couple NT4 WS - A handful of WIN 98
boxes

Group policies?
Can this be done?

Thanks gang

J.P. Piper
Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: admin@...





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
If the people don't know much about PC's, there is a little "cheat" you
could try (I do it here). Set you LAN connection settings in Internet
Explorer to look for a Proxy, and then put in a bogus IP address. When they
go into IE, it will not work.

Cost = 0
Security = Low
Effective = High, unless someone catchs on (they have'nt here).

An additional benefit is that when you want to service their machine, you
can quickly and easliy undo the check box and go online to do your work.
Just don't forget to re-check the box when you are done.

Hope this helps.

Rick Gors

-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Wednesday, October 02, 2002 5:38 PM
To: vantage@yahoogroups.com
Subject: [Vantage] External Email =YES Internet = NO


Is there anyway that I can let a user have external email from my ISP
Then turn around and block them from accessing the internet

Background
SERVER's = NT4
FIREWALL = Sonic Wall Pro 200
CLIENTS = Mix Mostly 2000 - A couple NT4 WS - A handful of WIN 98
boxes

Group policies?
Can this be done?

Thanks gang

J.P. Piper
Systems Administrator
MECO, Inc
2121 S. Main St
Paris, IL 61944
(217) 465-7575 ext 201
Fax (217) 465-5230
Email: admin@...




Yahoo! Groups Sponsor
ADVERTISEMENT




Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


[Non-text portions of this message have been removed]