Segregating Internet and Local Network Traffic

[Piyono]

What's the best way to set up a workstation so that it can participate in local network activities but has no access or controlled access to the internet?
With Win98 I remember being able to bind different network protocols to different tasks on a single NIC, but I don't see the facilities to do that on XP Pro.

The goal is a streamlined music production PC which requires a network connection for backup and some audio-specific ethernet-enabled distributed processing tasks, but that can run without a firewall, antivirus and other such resource-hogging background processes.
Internet connection should be available if need be for authorization and updates and the like.

Is it possible with a single NIC?

Piyono

 

[blakerwry]

you could do one of several things...

Put a false proxy into the web browser... doesnt actually block internet access, but will stop someone from using the browser (assuming they dont know much)


Remove the default gateway in network settings... one step better, does prevent actual internet access while allowing local subnet activities... however it requires a static IP assignment and can also be easily circumvented.


Install a firewall... I know you said you didnt want one, but they can often be controlled to block access entirely or just to certain places.


ps. The place you're familiar with on win98/NT for bindings is available through the advanced menu in the main screen of Network connections in both Win2k and XP.

 

[Fushigi]

I prefer the no default gateway approach. Least system overhead and apps, like malware, that wouldn't necessarily use proxy settings will still be blocked.

Also, if your router/firewall appliance does MAC filtering, disallow that MAC address.