Configuring an Intranet?

[leSLIe]

My uncle asked me for help configuring an Intranet for his small business workgroup (6 PCs with Win7) all of which have Internet access, mostly like this: Internet router -> switch -> 6 Pcs.

Right now, all the 6 PCs have Internet access and of course access to the company email (Bluehost) But he wants only 2 Pcs to have Internet access, and the remaining 4 access only to the company email (without being able to browse Internet) I have no idea about configuring an Intranet, any ideas of how-to guides? Maybe using the plugin at the hosting site (Bluehost)? Or maybe getting a new PC to act as a server?

 

[Nate7311]

You'll need some sort of webfillter to accomplish this. Either by via the Router itself only allowing specific IPs access to the full internet, but ALL IPs access to Bluehost. Or do it in software. You MIGHT be able to do it via OpenDNS, it's the exemption of the 2 PC's that's questionable.

 

[leSLIe]

Either by via the Router itself only allowing specific IPs access to the full internet, but ALL IPs access to Bluehost. Or do it in software.

How do you filter all the Internet but a site?
It's a crappy ZTE internet router

 

[Nate7311]

Then you'd have to replace the router with one that can do filtering.

 

[RocketTech]

Any router/security device supporting whitelists. I've used SquidGuard on pfSense to block all but a handful of sites; it worked well.

A whitelist is the only way I'm aware of to block all websites except what is explicitly allowed.

 

[leSLIe]

Any router/security device supporting whitelists. I've used SquidGuard on pfSense to block all but a handful of sites; it worked well.

A whitelist is the only way I'm aware of to block all websites except what is explicitly allowed.

Whitelist? Maybe it has some weird technical name?
the router does support some stuff...

 

[XOR != OR]

How do they access their email? Is it a web interface?

 

[leSLIe]

How do they access their email? Is it a web interface?

Right now they use Thunderbird, but it can also be accessed through a webmail "mail.domainname.com" using an Internet browser

 

[XOR != OR]

Right now they use Thunderbird, but it can also be accessed through a webmail "mail.domainname.com" using an Internet browser

And what does your uncle mean by blocking the internet on those four machines? Does he just want to prevent them from web browsing?

I see a couple different ways to handle this without additional hardware, but it depends on what the requirements are.

 

[RocketTech]

'URL Block' in the screenshot may do it, but it sounds like a blacklist (block specific sites) rather than a whitelist (block all but specific sites).

 

[leSLIe]

'URL Block' in the screenshot may do it, but it sounds like a blacklist (block specific sites) rather than a whitelist (block all but specific sites).

yes, it's really a simple table where you put the blacklisted URL, like Facebook for example...

 

[RocketTech]

Get your Uncle to spring for a better router. Any other method is not worth the time it takes to administer/troubleshoot it. Something that runs openWRT like TP-Link routers would be good, or some of the small business Cisco gear.
I wouldn't want to get involved on editing settings on individual machines every time a change is needed.

 

[leSLIe]

I see. What would be a good router (or switch) for DSL internet?

BTW does Untangle support whitelist like that? Block all but allow some?

 

[RocketTech]

I would think so, but I'm more familiar with pfSense. pfSense will also run on very modest hardware. http://wiki.openwrt.org/toh/start has a list of hardware supported.

Cisco RV110W or Cisco RV180W would be a good out-of-the-box small business router, no need to flash to get more features.