Networking but no internet

[ef37a]

I have a W7 laptop and two W7 desktop computers. The desktops are networked via copper and the lappy uses wi-fi of course.
Sometime in early 2020 I want the 3 machines off the internet. I shall buy a modest W10 laptop for that duty.

My question is, can I leave all these PCs networked so as to swap files and share a printer but not have internet on them please?

Dave.

[Hugh Robjohns]

Yes. There are several ways of doing it.

The simplest is probably to pick up a second hand modem/router (if you don't have one lying around) which you can set up as a DHCP server and wifi hub for your closed network, and you just don't give that device access or a connection to the interweb.

You would then need a second (your current) modem/router connected to your broadband for your internet access.

This way you'd end up with two wifi networks, one for your live internet access, and one for your closed internal network. Your new W10 laptop would be able to log into either, of course.

With a more sophisticated modem/router you can have a single combined network and setup restrictions on which I addresses can see the interweb and which can't... but that's really beyond my safe knowledge zone so I'll leave it to others to discuss that option.

H

[Eddy Deegan]

If you don't want to involve additional hardware and are willing to spend a few minutes manually configuring the machines you want to keep off the internet, you could leave them connected to your existing router.

In the DHCP settings for your router (I don't know what model you have, but most allow this) you can probably restrict the range of IP addresses it gives out. For example on mine it looks like this:



My router has the internal IP address 192.168.0.1. Note that I've set the starting address to 192.168.0.10, which means that I am free to manually use the IP addresses from 192.168.0.2 to 192.168.0.9 on anything I want in the knowledge that they will not have an IP address conflict with any addresses automatically allocated by the router.

If your router has that ability, set it up in a similar fashion then manually configure the TCP/IP properties on the machines you do not want to have Internet access such that they each have a different IP address in the range that DHCP will not conflict with (for example on my network that could be 192.168.0.2, 3 and 4).

After making this change to your router configuration, or if you encounter IP conflict errors while performing the manual configuration described below, you may need to reboot one or more devices on your network if those devices were previously allocated an IP address in the range you have now excluded from DHCP (but this is a one-off thing).

Now you can manually configure the IP address, Network Masks and Default Gateway on each machine you want to prevent from accessing the outside world. The network mask can be virtually anything so long as it's the same on all 3 machines. I'd recommend using 255.255.255.0.

Then configure the default gateway on each machine to be the same as the IP address of that machine.

Here's how the config would look (obviously each machine would have a different IP in the range you've excluded from DHCP):



Once this is done the 3 machines will be able to talk to each other but will not be able to access the Internet. If your subnet mask is the same as that allocated by the DHCP server (most domestic ones these days default to 255.255.255.0) then they will also be able to talk to any machines on your local network that are using DHCP.

[ef37a]

Thank Eddy but I had enough of trying to sort out IP addresses when I had a network camera!

Hugh, your idea seems workable. I do in fact have a Talk Talk moden/router that feeds an 8 way gigabit switch because I have 2 PCs on the network, was 3, plus a NAS drive and a smart TV so maybe I can configure the switch not to accept internet or the TT router not to pass it through?

I do not want to lose the wi fi from the router because it is a very powerful one (TTlk themselves are *holes but their router is great).

The switch is at least 5 years old, Maplins so I might need to upgrade it?

Ta' all.

Dave.

[Temp]

Could you not just use a regular router/hub with nothing plugged into the WAN port(s)? Something like this should suffice:

https://ebay.us/CpYdgM

It's got 4 Gigabit LAN connections and dual band WiFi, so should be pretty snappy. If you need conditional access to the internet (i.e. a machine that can get on the web), there's an easy to follow tutorial here:

https://www.youtube.com/watch?v=Uj5MWr3Lcoc

Cheers.

[ef37a]

Could you not just use a regular router/hub with nothing plugged into the WAN port(s)? Something like this should suffice:

https://ebay.us/CpYdgM

It's got 4 Gigabit LAN connections and dual band WiFi, so should be pretty snappy. If you need conditional access to the internet (i.e. a machine that can get on the web), there's an easy to follow tutorial here:

https://www.youtube.com/watch?v=Uj5MWr3Lcoc

Cheers.

Sorry, I don't really understand that. Note, I do not want to replace my TT router for wi-fi.

Dave.

[Hugh Robjohns]

I think he's suggesting the same as I did: use a separate modem/router for your internal isolated network (with nothing plugged into the ADSL/WAN ports).

However, if you take that approach you will inherently have two wi-fi networks in your property. One from your existing internet-connected TalkTalk broadband system, and a separate one for your newly isolated and independent internet-free internal network.

Obviously, your new W10 laptop can log into either wi-fi network as you desire, but not both at the same time.

If you want to be able to access both the internal isolated network machines and the Internet at the same time from your new W10 laptop, you will need to have everything connected on the same network system, and get into the kind of IP addressing that Drew described above to prevent certain devices being able to see the interweb.

[CS70]

Dave, not wanting to deal with IP addresses when making a network is like not wanting to deal with electricity when making an amplifier

There's nothing mysterious about it. With most home routers, every time something comes from the internet (the "gateway" that connects your lan with the nearest trunk) it's passed to all computers on the lan, and vice versa they all can use the gateway.

That's the default because usually people who connects pcs on a LAN want to see the internet without any configuration

In any router worth more than $1, you can explicitly exclude some computers from this automatic mechanism.

There's quite a few ways to do that, and which one depends a bit on your router. Which model is it?

All that said, there's a bit simpler (even if less elegant) solution, which is to use the firewall software on the individual computer itself to block anything that doesn't come from the local network. All addresses on the local network are like 192.168.x.x (the "private network" mask) so you can happily block all else. You'll have to do the same in every pc you want "off" the internet.

Obviously that won't protect you from a trojan horse attack (when one computer in your lan is subverted and becomes an enemy) but so long you have pcs in local area network, that's how it is. The only way of not having to run any antivirus or shielding is to physically keep machines off the lan.

[ef37a]

"Dave, not wanting to deal with IP addresses when making a network is like not wanting to deal with electricity when making an amplifier"

Ooo! A rather stretched analogy CS if I might say so? If the likes of Dr Hugh feel cautious about advising me about addressing I doubt it is THAT pain free!

I have been messing with computers for well over ten years, had a good dozen through my hands and I have made some of them work on a network by using the "wizards" (for which I STILL think XP was best!) I only got involved in IP matters when I bought an IP camera and had endless problems with it.

I suspect it is all a bit beyond me and so when the time comes I shall simply pull the RJ45s on the desktops and just plug in when I need to send a file, which is not often these days and I could in fact just transfer it on a USB stick. I assume the NAS drive can stay permanently connected?

BTW, what about my smart(ish) TV? What OS do they use and is it vulnerable?

But thanks for all the help chaps.

Dave.

[CS70]

"Dave, not wanting to deal with IP addresses when making a network is like not wanting to deal with electricity when making an amplifier"

Ooo! A rather stretched analogy CS if I might say so? If the likes of Dr Hugh feel cautious about advising me about addressing I doubt it is THAT pain free!

Ahah it's only sympathy: I know how you feel - I have the same attitude with anything implying soldering

when the time comes I shall simply pull the RJ45s on the desktops and just plug in when I need to send a file, which is not often these days and I could in fact just transfer it on a USB stick.

The plug in one is actually not a bad plan. Ethernet connections are super fast to establish.

BTW, what about my smart(ish) TV? What OS do they use and is it vulnerable?

Usually some type of embedded OS and yeah they are sort of colanders when it comes to security. Most often tough they dont really have memory and processing capacity to execute much even if you can take them over.

[wireman]

Thank Eddy but I had enough of trying to sort out IP addresses when I had a network camera!
.

I think this is the best way forward, it is what I would do.

[The Elf]

It seems to me that trying to avoid these computers being on the net is more trouble that it's worth. Just because they can access the net doesn't mean you have to - and if you *should* need net access with them it will make life easier!

[ef37a]

It seems to me that trying to avoid these computers being on the net is more trouble that it's worth. Just because they can access the net doesn't mean you have to - and if you *should* need net access with them it will make life easier!

So, you are saying that so long as I don't actually log on to my browser I am pretty safe?

In fact I could uninstall Fire fox (the least worse one I have found so far!)
I cannot it seems get rid of IE 11? I don't use it much except it is the only browser I have found that does "Save Target As" which I often find useful. I suppose W10 will deny me that?

Dave.

[The Elf]

Well there are no guarantees in life, but it just seems to me that you're having to jump through hoops to avoid something that most peoples' computers are doing day in, day out - sitting on the net for when they're needed.

Yes, you're going to get updates, and yes, software may dial home to discover if a new version is ready, but... your choice.

You can do 'Save Target...' with most any browser - it may just be called something else. In Firefox it's 'Save Link As...'

[ef37a]

Well there are no guarantees in life, but it just seems to me that you're having to jump through hoops to avoid something that most peoples' computers are doing day in, day out - sitting on the net for when they're needed.

Yes, you're going to get updates, and yes, software may dial home to discover if a new version is ready, but... your choice.

You can do 'Save Target...' with most any browser - it may just be called something else. In Firefox it's 'Save Link As...'

Well I assume I won't get W7 updates for much longer? All my updates are set as "notify" anyway.

I am sure I tried Save Link as Elf and all I got was the, er, link! Not the .pdf (which is what I most commonly want) But I shall give ot another do...

Dave.

[Drew Stephenson]

and get into the kind of IP addressing that Drew described above

I never said a word guv! I wasn't even here!

[The Elf]

I am sure I tried Save Link as Elf and all I got was the, er, link! Not the .pdf

Quite simply... that means you weren't clicking on the PDF file link, but most likely to a link that was taking you to where the PDF was to be found!

In Firefox, if you look at the bottom of the window when you hover over a link, Firefox will tell you what that link is - you would want something with '.pdf' at the end.

[Hugh Robjohns]

and get into the kind of IP addressing that Drew described above

I never said a word guv! I wasn't even here!

Oops, sorry... I meant Eddy...

[Eddy Deegan]

This is turning into a bit of a mountain out of a molehill.

If you want a PC on your network not to connect to the Internet under any circumstances, just set the default gateway to be the same as the IP address of the PC. It's really that simple.

The additional stuff about manual IP configurations and configuring the DHCP settings on the router is only to prevent the configuration from resetting itself on reboot. Of course you can Take It Or Leave It but it's really trivial stuff, takes little effort to set in stone forever (or until you decide to change/revert it), doesn't require additional hardware and is a lot less hassle than setting up certain printers or cameras I could mention!

[Eddy Deegan]

In fact I could uninstall Fire fox (the least worse one I have found so far!)
I cannot it seems get rid of IE 11? I don't use it much except it is the only browser I have found that does "Save Target As" which I often find useful. I suppose W10 will deny me that?

Uninstalling Firefox does not (and I think it's safe to say never will) get rid of IE but that's moot because you really shouldn't be using IE anyway. Even Microsoft say so, and only provide it for 'compatibility' purposes.

The only explanation I can think of to account for what you're saying would be if you'd previously assigned Firefox as the default application to open links, and after uninstalling it it may not have reverted that default back to IE.

Windows 10 will certainly not deny you the ability to right click and 'save link/target as...' (in whatever format the browser of choice presents that option). I do it all the time

[ef37a]

Sorry Eddy, didn't mean things to get into Civil Engineering!

I don't use IE except when FF throws a wobbly (and why does it update SO fekkin' often? )
I do get in a mess with PCs though. Only a day or so ago I got so hissed off with Oath adverts and them crashing in that I tried an ad blocker. I then recieved a very polite message from SoS that this was not good for them so I went into Options and changed 'something' . Did not stop the blocker or the message.

I then did a Restore to several hours before these events. Could not then log onto the internet at all! Reversed the Restore. Phew! Internet back but with blocker of course. Eventually found out how to stop it.
I shall content myself with pulling plugs when the time comes.

Dave.

[The Elf]

I don't use IE except when FF throws a wobbly (and why does it update SO fekkin' often? )

Because browser attacks are updated so often!

[Hugh Robjohns]

...you really shouldn't be using IE anyway.

I suspect Dave is referring to IE generically when he really means the default browser in Win 10, which is 'Edge', of course. The very similar icon means a lot of people still think of it as IE.

H

[ef37a]

...you really shouldn't be using IE anyway.

I suspect Dave is referring to IE generically when he really means the default browser in Win 10, which is 'Edge', of course. The very similar icon means a lot of people still think of it as IE.

H

I don't have W10 Hugh..yet. I have used Edge a tiny bit on my son's laptop and found it dreadful!

Dave.

[wireman]

This is turning into a bit of a mountain out of a molehill.

If you want a PC on your network not to connect to the Internet under any circumstances, just set the default gateway to be the same as the IP address of the PC. It's really that simple.

The additional stuff about manual IP configurations and configuring the DHCP settings on the router is only to prevent the configuration from resetting itself on reboot.

You need to be careful that the router does not give out the IP address you set manually on a computer to another device. Using high numbers in the range is probably going to avoid this in any case without any configuration.