Disabling client PC on LAN

[24653]

hello,

i have a querry to make which is as given.

Suppose i have a standalone LAN with the server on Linux OS and all the client PCs on windows, how do i disable client to client access for these PCs.

i.e these clents can only communicate with the server for FTP etc but shoud not be able to communicate with each other.

Is there such a provision ???

[ɹəuəllıʍ ʇɐb]

Welcome to the Windows Forum.

I am moving your post to our Networking Board, where it has a better chance to be addressed.

[Seshomaru Samma]

one way would be to block all ports on the clients except 21 (or whatever you are using) for FTP

if you need them to access the web then keep port 80 open.

you do that through Start Menu -> Connect To Item (on the right hand side) -> Local Area Connection ( right-click popup menu PROPERTIES item -> Properties button on left-hand side bottom, press/click it -> NEXT SCREEN (Local Area Connection PROPERTIES) -> "This connection uses the following items" (go down the list, to Tcp/IP & select it & /click the PROPERTIES button there) -> Press/Click the Advanced Button @ the bottom Right-Hand Side (shows Advanced Tcp/IP Settings screen) -> OPTIONS tab, use it & Tcp IP Filtering is in the list, highlight/select it -> Beneath the Optional Settings, press/click the PROPERTIES button on the lower right-hand side -> Check the "Enable Tcp/IP Filtering (on all adapters)" selection -> In the far right, IP PROTOCOLS section, add ports 6 (tcp) & 17 (udp) -> In the far left "tcp ports" list - check off the radio button above the list titled "PERMIT ONLY", & then add ports you want to have open

If your users are computer savvy they can circumvent it by using an IM client that uses port 80 or even port 21. If this is an option then set your server as an internet gateway for the clients. Run a proxy server like squid and define what, how and which users can do what.

[homecomputeraid]

I can't envision a pretty or elegant solution. On the networking side, you could get a switch cabable of creating Virtual Local Area Networks (VLAN's) and put each switch port for each PC in its own VLAN, then route traffic using an Access Control List such that traffic from PC VLAN's to the Server is permitted, but traffic between PC VLAN's is not. There may be a way to configure a software firewall on each PC to permit traffic to and from the server but deny other traffic.