Firewall Config - Block access to the internet

What command would I use to block all internal access from a LAN, from reaching the internet?
Thanks

Hi
Well there are a number of ways to do it. One way -
local LAN 192.168.1.0/24
remote LAN 172.16.5.0/24
access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any
access-group acl_inside in interface inside
Couple of things to be aware of.
1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.
2) I'm assuming this is a pix firewall - is this the case ?
HTH
Jon

Similar Messages

  • Is there any way to block access to the internet?  Allowing only calls and texts?

    I want to be able to block access to the internet on LG Revere 3 and just allow phone calls and texts.  Is this possible?

    Never mind...I got Verizon to put a data block on the line

  • Possible to control/block access to the internet while using itunes,etc?

    Parental control. I would like to require a password for access to Safari, etc, to control computer privileges - while keeping itunes, Pages, iphoto,etc open. I want to listen to my playlist without opening internet access to the kids. It must be possible!

    Hi jarileys, and a warm welcome to the forums!
    Did you set up Managed Accounts in System Preferences>Accounts for them?

  • I have accidentally blocked Firefox's access to the internet, how do I unblock it?

    Earlier I saw a popup while I was browsing that said that Firefox was trying to access my internet, and at the time this seemed suspicious. I don't know why, but I pressed "block" which, in return, blocked my entire access of the internet through Firefox. I tried reinstalling Firefox, and I also tried to do stuff with the firewall but I didn't understand what to do. How could I allow Firefox to access the internet again?

    Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
    See:
    * https://support.mozilla.com/kb/Server+not+found
    * https://support.mozilla.com/kb/Firewalls

  • I installed dreamweaver on Windows. After installing it, it blocks my  access to the internet. Solution? I discarded it and it was okay, but I need both dreamweaver and internet acces.

    I installed dreamweaver on Windows. After installing it, it blocks my  access to the internet. Solution? I discarded it and it was okay, but I need both dreamweaver and internet acces.

    See iPhone DFU mode explained, and how to enter DFU mode.

  • Why do I have to allow or deny iTunes or any other software, access to the internet?

    Why do I have to allow or deny iTunes or any other software, access to the internet?
    I've had my MBP with Leopard since the summer of 2010. From then till this past spring, I have had my firewall on and when opening a program that needs internet access, such as: iTunes, Vuze, various office products, without a problem.
    Since this spring, each time I open the above software, I have give permission (allow/deny) internet access. So, this isn't a prolem really, I'm just curious why this is happening.
    Processor: 2.66 GHz Intel Core I7
    Memory: 4 GB 1067 MHz DDR3
    OS X 10.6.8

    Did you install Little Snitch (or Hands Off)?  It will post a dialog to allow/deny apps calling out if you don't allow it to record what it is to permanently do if it sees the same call again from the same app.
    Little Snitch will post a dialog with allow/deny buttons.  But there is also three tab buttons; once, until quit, forever. "Until quit" is the default.  So it won't nag about the same call again until that app quits but it will if you relaunch that app and the app makes the same call out.  Choose "once" will allow that one call to be placed but will cause LS to nag the next time that app tries to call even if you haven't quit.  Choose Forever and it will never nag again about that specific all attempt.
    You need to train LS which apps you want to permit calling out and which ones you never want to allow calling out.  You will of course initially be nagged quite often as you are seeing.  But if you train LS to always allow the ones you want to allow eventually there will be fewer and fewer dialogs since your habits don't change that radically in the way you use your own machine.

  • Why does iPhone backup require access to the Internet?

    While syncing my iPhone, iTunes first performed a backup. My firewall reported that the backup phase of the sync required access to the Internet. Why would the backup require access to the internet unless it was sending some information?
    This makes me a bit worried that some of my personal data is being sent to Apple without my permission.

    Whenever your phone is synced and iTunes recognizes there are new crash reports, a program called MDCrashReportTool sends these reports to Apple. Apple then funnels the reports to the correct app developer's iTunes Connect account. No personal information is transmitted.
    If this bothers you(it shouldn't), you can turn off the sending of the crash reports:
    Right-click on the phone in iTunes, and click "Reset Warnings." The next time you sync, itunes will ask if you want to send the reports. Un-check the "Do not ask me again" option, hit "Don't Send," and you're good to go.

  • RD Web Access From The Internet/External

    I’m requesting help with accessing from the internet (external web) a RD Web Access Connection (SSL) that I setup and configured on a Windows 2008 R2 Server.
    My setup is as follows. All server rolls are configured and running on one Windows 2008 R2 Server (VM).
    1.      
    Remote Desktop Services
    a.      
    RemoteApp Manager
    b.     
    Remote Desktop Connection Manager
    c.      
    RD Gateway Manager
    d.     
    RD Session Host Configuration
    e.     
    Remote Desktop Service Manager
    f.       
    Remote Desktop Licensing
    2.      
    Web Server (IIS)
    All my configurations are working perfectly internal/intranet. I can access all published applications and remote desktop connectivity via (SSL) from IE 9 web browser.
    The URL that is used internally is: (https://ServerName/RDWEB).
    When I attempt to connect via the internet I’m getting an “Internet Explorer cannot display the webpage” message.
    I’m using Dynamic DNS to access the server hosting the (IIS Remote Access Web Page URL), example (https://DDNS/RDWEB). I’ve opened ports 443 & 80
    on my Untangle firewall, also port forwarding for 3389.
    Any and all help will be appreciated.

    Freek,
    Thank you for your response. I tested Telnet as you suggested, and both FQDN and IP address were able to establish a Telnet connection to my RD Web Access Server.
    The “NSLOOKUP” resolved the DNS server name. Also, I am able to us the IP address, URL (https://IP/REWEB) in IE9 to browse to my RD Web Access Server site. The above should confirm DNS IS working correctly within my internal network.
    My connection issue is from external/internet access to my RD Web Access Server site. All my networked devices (internal) are natted IP assigned behind an “Untangle
    Gateway” firewall and routable internally only.
    Although, I’ve opened ports, created firewall rules to pass traffic on ports 443, 3389 my problem still exist. Since my internal natted devices are not routable
    from the internet, I am using a DDNS host URL from (www.dyndns.org) to route from the internet to my internal site server. As it stands now, I suspect the problem maybe at the Untangle Gateway”. I will focus my attention there.
    Thank you again for your help.
    Aubrey R. Martin

  • How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling?

    How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling? It is installed on my home network behind my TWC broadband router.

    Ok.. since the TWC modem is also a router.. all configuration takes place on this box.. NONE whatsoever takes place on the TC.
    There is no airport utility 7.7.3 but there is a firmware of that number for the latest AC model TC..
    Is it tall like this.
    Then it is Gen5.
    otherwise it will have a firmware.. 7.6.4 or earlier and the airport utility must be 6.3 or earlier.
    Open the Airport utility and give us a screenshot of the summary page.
    That will also help us determine that you have the TC, which version and how it is setup.
    You might want to press the edit and also give us the Internet and Network tab as they should be set correctly as well.
    I have created a DDNS through DYN.com although I am not sure how to implement this into the TC.
    You do not do anything in the TC.. set it up in the Ubee router.
    Port forward 548 to the TC in the Ubee router.
    And make sure the TC has a static IP in the Ubee router.
    Overall if you find this too hard I strongly recommend you buy a product designed for remote access .. eg WD MyCloud.. they are cheap and easy peasy to setup for remote access.. by PC or Mac and since it is built outside of Apple you not bound up in Apple limitations built into all their equipment to prevent you using it the way you want.. rather than apple want you too.. eg BTMM and iCloud being the only way apple provide for access to the TC and only when it is the main router of the network.
    You are fighting hard because Apple made this hard.. not easy.

  • How do I Set up a LAN with no access to the Internet?

    I have a Solaris 10 (08/07) [No longer can acess the internet]
    full install on one system, and Solaris 10 Developer Edition (09/07) on another system. Each has been auto-configured upon installation, and have reached the Internet, and registered at Sun Microsystems, from behind a router and cable modem.
    I want to create a Local Area Network, using a 4 port Netgear Ethernet Hub, model EN104tp, Each of the Solaris 10 systems, a Windows XP Pro system, and a Windows Media Edition LapTop. +(Which I want to have additional admin control, and access to the Server, from!)+
    My problem is this!
    1) Do I have to change any files to eliminate, the access to the internet from the two Solaris machines via router and cable modem? If so which, and, how do I? +(I intend for the LAN to be isolated from the internet)+
    2) What are the step by step, to set up a LAN?
    I can't seem to find that info anywhere. Maybe I am looking in all the wrong places...
    I appreciate and Thank You in advance for any help...

    The only difference between LAN and Internet is the size.
    Depends on how you define LAN -- it may be multiple subnets glued with routers or just one big or small subnet with bridges, switches and/or hubs or simply a crossed UTP-cable..
    If you don't have routers then you won't need a /etc/defaultrouter (rm -f /etc/defaultrouter; /usr/sbin/route -fn)
    You should use RFC-1918 addresses; i.e. chunks with a suitable mask of your choice as parts or whole of 10./8 (10.0.0.0 - 10.255.255.255), 172.16/12 (172.16.0.0 - 172.31.255.255) and/or 192.168/16 (192.168.0.0 - 192.168.255.255). Example 10.0.0.0/255.255.255.0 for a (256-2=)254-node subnet; 10.20.30.40/255.255.255.252 would suite a crossed-cable subnet perfectly.
    A DHCP-server would be nice for PC's. Solaris can do that (/usr/sadm/admin/bin/dhcpmgr).

  • How to connect my Macbook with an ipad mini in order to have an access to the internet on my iPad?

    Dear fellows, I am having a trouble in how to connect my mac with an iPad mini in order to have an access to the internet.

    If you are attempting to share your iPad mini's cellular data connection with the MacBook, please check out the following Apple Support article for additional details on how to do so.

  • How can I set up and email address for my grandson without giving him general access to the internet? email only

    My grandson's school needs him to have his own email address. For some reason, his is not able to use my address. I do not want him to have general access to the internet. His older brother caused my computer to be infected with a virus in a very short time. It took three weeks and one hundred dollars to get the use of my computer back.
    I do not want him to have access to the internet, but his school wants him to have an email address to communicate with him about school work. I am concerned that once he has an email address, someone (not the school) will send him a web site address in a message and he will be able to just click on it to get into the internet.

    You can use an email program (e.g. Outlook Express or Windows Live or Thunderbird) and disable HTML for that email (text only mode) to access the email account. You can create a new email account if your your ISP supports it or use a online service that allows POP3 access with an email program (most popular services allow that).

  • Is there a way to create a password for Firefox so Firefox is denied access to the internet without this password?

    Is there a way to create a password for Firefox to deny Firefox access to the internet?

    There is the Profile Password extension, but it is easily bypassed by using the Firefox SafeMode.
    http://nic-nac-project.de/~kaosmos/profilepassword-en.html#PPFF
    Another thing you can do is to set your Homepage to a website that you have a password logon saved for and use the Master Password feature. It won't completely stop someone else from using the internet but it will slow them down or make it appear they need a password for access.
    https://support.mozilla.com/en-US/kb/Protecting+stored+passwords+using+a+master+password

  • I'm not able to access to the internet with my ipod ..help! Non riesco a connettermi su internet via wi-fi !

    Salve, ho appena comprato il mio ipod di 8G..  connettendomi wi-fi al router di casa mia, aprendo safari (o le altre applicazioni che richiedono la connessione internet) spunta la finestra con scritto "Impossibile aprire pagine, Safari non può aprire la pagina perché non è connesso a Internet" Ho provato e riprovato, ma niente! Spero possiate aiutarmi, grazie! :)
    Hello, I've just bought my ipod (8Gb)... even with the wi-fi I'm not able to access to the internet, opening any app that needs internet my ipod shows this " Cannot open page, Safari cannot open the page because it is not connected to the internet"  I tried and I tried but it was useless..! I hope You can help me! Thank you and sorry if my english isn't right

    I can connect to the site using another computer on my network. It's completely isolated to my iMac.

  • After upgrading to the latest version of firefox. I can no longer access the internet and all traces of Mozilla Firefox are gone from my computer. I have no access to the internet, my home page or my e mails. What can be done??

    I have been using firefox for years. I downloaded the latest version and at the conclusion of the down load I was refussed access to the internet. Something about Proxy???? I checked my firewalls and security and they said that mozilla was allowed but everytime I attempt to gain access I am refused. I cant access the internet and I cant download another program to access the internet. I uninstalled Firefox and attempted to reinstall but after uninstalling Firefox I have no means to reinstall because there are no traces of it on my computer and I no longer have access to the internet. What do I do? I cant access my e mails, stored messages, favorites etc etc.

    No. After I select "Choose" the dialog box expands to provide only three choices. This is a new bug. I have only seen it in the past week or so, but it is maddening. I have observed that, while the Mozilla Foundation focuses on trivialities like which search engine should be the default, the Firefox application becomes buggier and buggier. Most of my family has switched to Chrome, and I will be following shortly. Firefox used to be a great program. Not any more. Getting assistance with a problem has also become very difficult.

Maybe you are looking for

  • How do i get a search bar

    i reloaded firefox this morning,trying to get search bar,didn't get it,i have windows 8. what am i doing wrong? without it i can't search please help,thank you,puggy

  • Video Ipod not being read by CPU(Need Help other post did not help)

    My 30G Ipod is not being read by the coumputer, I tunes, or even the Ipod restore software. When i plug in my pod it turns on and charges...i can play music. When i turn it off there is a battery symbol and it says charging...i reinstaled ipod softwa

  • What is the best way to connect a daba base from a desktop swing aplication

    I have a java deskopt application which has to connect to a oracle(10g) data base for make some transacctions such as find, insert,delete, update and others batch processes. What i want is to minimize the time that this aplication has to connect to t

  • User Exit for sale order for adding a new partner

    Hi i am having the Scenario to add a new partner in  sales order in both VA01 / va02 transaction . i am using the exit named MV45AFZZ .   (USEREXIT_MOVE_FIELD_TO_VBAP) for this scenario. Its perfectly working for VA01 , but not VA02 .. why .. can any

  • Playbook reset - 3 buttons don't work

    So we are trying to wipe the playbook and pass on to another user for testing....however, the playbook automatically logs on to the wireless network but can't complete the registration because of the blackberry agreement and an issue with the proxy.