Limiting the access to internet for a small network


I've got a network with 10 client computers connected to a switch and then into a NIC on a "server".

The server is used to provide training software over the LAN. The client computers have thus not required any internet access.

Now the training software is being moved into the cloud instead and each computer needs internet access, but I don't want to bridge the connection on the server with the WAN interface.

In the best of worlds, I want to limit the internet access on the clients to only the training software URL.

I've looked at software such as SiteKiosk but I don't know what the best and cheapest solution is.

Any suggestions?

Filip Ekberg

Posted 2012-05-16T08:18:24.543

Reputation: 591



The best solution is to move the Internet connection to an appropriately configured firewall router.


A cheaper solution may be to run an HTTP proxy on your "server". For example Squid (you don't say what operating system so I guess some flavour of Windows). Apparently this can be set up to block access to everything but one or two websites of your choice.

Since the clients rely on the "server" for Internet access, you can force them to use the proxy. No need for bridging. You may also need to provide the clients with hostname resolution for the target website(s) using either hosts files or local DNS service.

There are other proxies; you may prefer something other than Squid.


Posted 2012-05-16T08:18:24.543

Reputation: 70 632

I prefer the kiosk application solution before that actually. – Filip Ekberg – 2012-05-16T09:17:51.380

@Filip: Perhaps, in order to avoid asking a shopping question about kiosk software maybe you could edit the question to explain the problem you have with SiteKiosk. – RedGrittyBrick – 2012-05-16T09:23:05.827

I don't have any problems with SiteKiosk. But your solution introduces more hardware and needs much(?) more configuration, hence not really cost effective. And I want a cheap and good solution. – Filip Ekberg – 2012-05-16T09:25:33.650

@Filip: I accept that a firewall isn't what you want, that's fine by me. I don't understand why you don't use SiteKiosk - is it too expensive? Are you only looking for a cheaper SiteKiosk? – RedGrittyBrick – 2012-05-16T09:37:41.660

SiteKiosk is my only option at the moment, I want to find cheaper / better solutions. SiteKiosk costs about 149EUR per client computer and then there's the configuration on that as well. Maybe a firewall is cheaper than that. – Filip Ekberg – 2012-05-16T09:43:05.827

Is the setup/configuration of Squid easy on Windows 7? – Filip Ekberg – 2012-05-16T10:34:28.120
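
The allowlist approach from the Squid answer above, sketched as a `squid.conf` fragment; this is an added example, not part of the original answer or comments. The domain `training.example.com`, the LAN subnet `192.168.1.0/24` and the server's LAN address `192.168.1.1` are placeholders assumed for illustration.

```conf
# Added example: minimal Squid allowlist (not from the original answer).
# Assumptions: training site is training.example.com (placeholder),
# clients sit on 192.168.1.0/24, the server's LAN NIC is 192.168.1.1.

# Listen only on the LAN-facing address, never on the WAN interface.
http_port 192.168.1.1:3128

# Who may use the proxy at all.
acl lan_clients src 192.168.1.0/24

# The only permitted destination. The leading dot matches the domain and
# all of its subdomains. Add further dstdomain lines if the site pulls
# assets or sign-in pages from other domains, otherwise pages load broken.
acl training_site dstdomain .training.example.com

# HTTPS reaches the proxy as "CONNECT host:443"; allow tunnels to 443 only,
# so the proxy cannot be used to tunnel to arbitrary ports.
acl tls_port port 443
acl tunnel_req method CONNECT

# http_access rules are evaluated top to bottom; the first match decides.
http_access deny tunnel_req !tls_port
http_access allow lan_clients training_site
http_access deny all

# Do not store copies of the training content on the server.
cache deny all
```

Running `squid -k parse` checks the file for syntax errors before a restart. Requests to any other host are then recorded in `access.log` as `TCP_DENIED`, which is also the quickest way to spot an extra domain the training site needs.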


If you're after a poor man's solution, and you're running Windows + Internet Explorer (or Chrome) and can lock down the machines with Group Policy, consider:

  1. Setting the proxy in Internet Options to
  2. Adding a proxy exception for *
  3. Disabling access to Internet Options

Posted 2012-05-16T08:18:24.543

Reputation: 13 727

Sounds interesting. So I can create some policies with the admin account, then have the normal account that applies these policies? – Filip Ekberg – 2012-05-16T10:48:28.193

@FilipEkberg Yes, through gpedit.msc or if they're joined to a domain you can use the group policy editor on the server and apply it to the clients. – – 2012-05-16T23:11:11.353

Cool. They're not in a domain. – Filip Ekberg – 2012-05-18T08:52:04.017


Using the IE Content Advisor to block all Internet access

Procedure to block all Internet access and allow only approved sites using the FREE Content Advisor found in Internet Explorer.

The nice thing about this is that you can still get internet access as long as you know the password, in case you need it yourself. I use it to block all except for a local intranet site on certain computers that are public.


Posted 2012-05-16T08:18:24.543

Reputation: 3 452


Do you still need the server that used to run the training software?

You could set it up with Untangle, which is a free firewall based on Linux.

Then you could add the lite version of the web filter plugin. I've not got a server set up to test it on but I guess you could probably create a rule with the address as "*" and set it to 'block' which would then block all URLs. Then create rules set to 'allow' for the sites you want.

You would then place this server between the internet gateway and switch that all the computers are connected to.

Tom Jenkinson

Posted 2012-05-16T08:18:24.543

Reputation: 282