Windows 2003 Server and denying DNS/NAT requests

  • simpleminded
  • Newbie
  • Newbie
  • simpleminded
  • Posts: 14
  • Loc: Arlington, VA

Post 3+ Months Ago

I have a domain setup in which I have multiple users some of which I want to have internet acces and others that I want to deny access to. I have DHCP enabled on the server and have a scope large enough to cover the systems that should have access. I have RAS enabled using NAT for throughput to the internet. I have DNS requests forwarded to my ISP. I want to be able to restrict certain users from using my server to access the internet. If anyone could help me with this I'd greatly appreciate it. Thanks in advance.... :)
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

from what i understand you can't do this server-side, but I'm not 100%
sure about that. The only thing I can think of is to deny specific IP's from
being forwarded either through RAS or from a router itself. But that's
probably about wehre you are with this thought anyway, so I guess I'm
not much help on this one. :?
  • simpleminded
  • Newbie
  • Newbie
  • simpleminded
  • Posts: 14
  • Loc: Arlington, VA

Post 3+ Months Ago

Thanks for the reply. I figured out that all I needed was a good software firewall program. I'm using Norton Firewall Corporate edition which is allowing me to do all of the above and more. I can limit pop-up adds to my users as well as block entire subnets. Its working great. If anyone uses this at the server level though. I must warn you that you cannot under any circumstances, even after you think you have the firewall set-up correctly, enable automatic starting for the firewall. Windows server services require certain network functions during startup that the firewall messes with. You must manually enable it each time you start or restart the server. This can be done manually through the Norton interface or you can write a script to do it. You have been warned.... :wink: I had to rebuild from scratch once.... :x

BTW: Thanks again for the help.... :D
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Good info simpleminded.
Thanks. I'll keep that in mind as I have had some thought about doing similar.

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 34 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.