How to block access to a subnet without a personal firewall

1

I'm a developer and frequently have to run some tests. I work at a branch office and the servers are located at the head-office.

The branch office and the head-office are linked together by a hardware VPN box.

It has happened once or twice already that I connected to the live servers while I actually meant to connect to a test server in my office. Every time I noticed, but it is dangerous.

What I would like to do is block outgoing packets to the subnet of the Head-Office temporarily so that I can safely run my tests without the risk of mistakenly applying changes on production servers.

I could install a personal firewall for that and block the range, but I think it may be overkill? I am thinking there may be a lighter way, with the routes command maybe?

I'm working on Windows XP.

Thanks.

Kharlos Dominguez

Posted 2010-08-03T12:20:53.867

Reputation: 255

Answers

1

Are the IPs the same but on different subnets? If they are, you can use the route command.

If not, you can block those IPs with the hosts file in c:\windows\system32\drivers\etc.

You can add entries for the IPs that you want to keep yourself from accessing, and reroute them to 127.0.0.1 (localhost) so it won't connect. You can keep 2 hosts files and just swap them out.

There's a nice tutorial on route here.

edit: I realized you could use route also even if the IPs are different, I was just hung up on the hosts file. You can use route to redirect that IP to a non-existent subnet or gateway so it won't connect and use that with a batch file.

JNK

Posted 2010-08-03T12:20:53.867

Reputation: 7 642

Can you please show me an example?

I am on 192.168.90.* / 255.255.255.0 and the head-office is in 192.168.100.* / 255.255.255.0

My office router/gateway is 192.168.90.1 and the head-office gateway is 192.168.100.1.

Thanks. – Kharlos Dominguez – 2010-08-03T14:33:54.360

Actually route may not work. I am experimenting with it now but it tests your gateways. You can specify the incorrect gateway which may work, but I think you will still be able to get there. Try ROUTE ADD 192.168.100.* gateway 192.168.90.1 – JNK – 2010-08-03T14:46:14.860

It tells me: ROUTE: bad gateway address gateway – Kharlos Dominguez – 2010-08-03T14:49:45.163

Then I'd say use the hosts file. Do you know how to do that? – JNK – 2010-08-03T14:55:35.467

Yeah, but it does not work either. To my knowledge, the hosts file can only redirect host names and not IP addresses. It works to block the host name but not by IP addresses... Some tools I have to use have hard-coded IP addresses unfortunately, so I can't just rely on hostname blocking... – Kharlos Dominguez – 2010-08-03T14:59:28.563

The firewall sounds like the best path. You can import and export the settings in one click. – surfasb – 2011-03-21T13:18:47.430

@JNK, Applications are free to ignore the hosts file. It wouldn't work unless the application specifically uses it.... – Pacerier – 2013-08-15T20:30:49.233
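
The route-based block discussed in the answer and comments, as an added example that is not part of the original thread: a Windows batch file that points the head-office subnet at a local address nothing answers on, so packets to it are dropped on the workstation, including those from tools with hard-coded IP addresses. The subnet and mask come from the asker's comment; the dead gateway 192.168.90.254 is an assumption and must be an unused address on the branch LAN.

```bat
@echo off
rem Added example, not from the thread: toggle a dead-end route for the
rem head-office subnet so traffic to it never reaches the VPN box.
rem HO_NET and HO_MASK are taken from the asker's comment.
rem DEADGW is an ASSUMPTION: an address on 192.168.90.0/24 that no host uses.
setlocal
set HO_NET=192.168.100.0
set HO_MASK=255.255.255.0
set DEADGW=192.168.90.254

if /i "%~1"=="block"   goto block
if /i "%~1"=="unblock" goto unblock
if /i "%~1"=="status"  goto status
echo Usage: %~nx0 block ^| unblock ^| status
exit /b 2

:block
rem Remove any earlier entry for this destination, then add the dead-end route.
rem A /24 route is more specific than the default route, so it is preferred.
rem No -p switch: the route is not persistent and disappears on reboot.
route delete %HO_NET% >nul 2>&1
route add %HO_NET% mask %HO_MASK% %DEADGW%
goto status

:unblock
rem Deleting the specific route lets traffic follow the default route again.
route delete %HO_NET%
goto status

:status
rem Check the routing table itself instead of trusting route.exe exit codes.
route print | findstr /c:"%HO_NET%" >nul
if errorlevel 1 goto open
echo Head-office subnet %HO_NET% is BLOCKED: next hop %DEADGW% does not answer.
exit /b 0

:open
echo Head-office subnet %HO_NET% is reachable: no blocking route present.
exit /b 0
```

Run it from an administrator account, with `block` before a test session and `unblock` afterwards.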