Blocking internet access for 1 PC behind NAT

Discussion in 'Cisco' started by Dave Watson, Feb 2, 2005.

  1. Dave Watson

    Dave Watson Guest

    Hi,

    I need to block access to the internet for 1 PC that connects to an 837 in
    NAT mode that uses a /24 private IP range and 1 public IP adddress on the
    WAN side. The router uses Ethernet0 and Dialer0 for the 2 interfaces at
    both sides of NAT and the PC in question is used in a stores room that only
    needs access to an internal databse.

    Can anyone help and assist me with the command line for blocking all net
    access for e.g 192.168.0.7 ?

    TIA,

    Dave
     
    Dave Watson, Feb 2, 2005
    #1
    1. Advertisements

  2. There is more than ony way to accomplish this. Maybe a
    simple access list...

    !
    access-list 11 deny 192.168.0.7
    access-list 11 permit any
    !

    ....which binds (incomming) on eth0...

    !
    interface eth0
    ip access-group 11 in
    !


    ....will do the trick for you. But beware of cut yourself from
    the telnet access ;-)!
     
    Gerald Krause, Feb 2, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.