I have a PC running Windows 7 driving my plasma cutter table. At the moment
it is 'stand alone' ie NOT on my local network as I don't want external
interference from the likes of Microsoft poking up dates at it. However I DO
want to communicate with it from other PCs on my local network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is 192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Or is there some other way that I can access this PC from my network without
giving it access to the outside world?


Any help appreciated

Andrew

Andrew Mawson wrote:

is there some other way that I can access this PC from my network without
giving it access to the outside world?

One way is to not give the plasma's PC a default gateway.

On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?


Any help appreciated

Andrew

Just change the gateway address on the PC to something that isn't your
gateway address like 192.168.2.xxx

Andy Bennet wrote:

Just change the gateway address on the PC to something that isn't your
gateway address like 192.168.2.xxx

Windows won't let you set a default gateway that's outside the subnet of
the interface's address+mask, but it will let you have no default gateway.

On 03/12/16 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?


Yes. At least with Linux.

And adding a second ethernet card is an easy way to achieve it if
windows persists in a one card, one address policy.

I found this online

"These are the steps to add the second IP address to your existing
network adapter.

Use the Start menu to open Control Panel.
On Windows XP, you may need to open Network and Internet
Connections.
Open Network (and Dial-up) Connections.
Open your network adapter.
Click Properties.
Click Internet Protocol (TCP/IP) then click Properties.
Click Advanced.
On the IP Settings tab, click Add...
Type in the new IP address then click Add.
Click OK to close the Advanced TCP/IP settings window.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close your network adapter properties window.

That should allow that PC to connect to the plotter.. or if you do that
to the plotter, you will of course put it firmly in the domain of 'stuff
that can access the internet', and you will need to firewall it out.

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?


Yes, that you can do by:

1/. Adding a second network address in the 192.168.10.X network to your
ROUTER

If the router is reasonably well designed (many aren't) that will
automatically route any addresses in that network to the ethernet, and
hence the cutter.

However that will *enable* that PC to 'see' the internet. To stop THAT

2/. Add a firewall rule disabling
192.168.10.* from accessing any other network than 192.168.1.0


HOWEVER once you have faffed around, actually the simplest way to do
this is to move the plotter PC into the standard Internet domain - i.e
change its IP address to 192.168.1.100 or similar, and disable its
internet access.

There are different ways to achieve that: Firewalling is one. Many
routers allow you do prohibit access to the internet fir some or all
machines in the network. A

Another way mentioned by a poster, is to change the default route on the
plotter PC. To something spurious. This will mean absolutely manually
configuring the networking and not using DHCP, on that PC, so assuming
you have changed its IP address to be 192.168.1.100 and your router is
on say 192.168.0.1, you will need to make sure that the default route
is set to something spurious like 192.168.0.254

On balance this may be the easiest route to take. Give that PC a
manually set IP address and *spurious* default route (gateway) *on the
192.168.1.0 network*, and Robert should be a relative.

This is a very clear idiots guide

http://www.howtogeek.com/howto/19249...-or-windows-7/



Any help appreciated

Andrew


--
If you tell a lie big enough and keep repeating it, people will
eventually come to believe it. The lie can be maintained only for such
time as the State can shield the people from the political, economic
and/or military consequences of the lie. It thus becomes vitally
important for the State to use all of its powers to repress dissent, for
the truth is the mortal enemy of the lie, and thus by extension, the
truth is the greatest enemy of the State.

Joseph Goebbels

On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?


Any help appreciated

You can add multiple IP addresses to a network interface, and so could
add your and address on your plasma PC's subnet to one of the other
machines. That would then let the plasma PC see shared folders etc on
the other PC, but it would not have access to the wider network. That
would give you very controlled access to the LAN basically using another
machine as a stepping stone.

On a simpler level you could manually set the IP address and netmask on
the plasma PC to be on your main subnet, but don't set a default
gateway. Then it would be able to access LAN resources freely, but not
be able to route outside of the LAN.

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 03/12/2016 16:03, John Rumm wrote:
On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX
CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?


Any help appreciated

You can add multiple IP addresses to a network interface, and so could
add your and address on your plasma PC's subnet to one of the other
machines. That would then let the plasma PC see shared folders etc on
the other PC, but it would not have access to the wider network. That
would give you very controlled access to the LAN basically using another
machine as a stepping stone.

On a simpler level you could manually set the IP address and netmask on
the plasma PC to be on your main subnet, but don't set a default
gateway. Then it would be able to access LAN resources freely, but not
be able to route outside of the LAN.

What John say is correct, but if you letting it access other devices you
open yourself up to viruses / malware, and without patches or antivirus
updates your plasma cutter pc may stop working... be careful

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On 03/12/16 16:28, Freddy wrote:
but if you letting it access other devices you open yourself up to
viruses / malware, and without patches or antivirus updates your plasma
cutter pc may stop working... be careful

Clone its hard drive.

And keep it as a spare.

That's assuming you cant e.g. run the windows inside a virtual machine,
and take a 'snapshot' of it.

Most of these 'I am there to drive a bit of hardware' PCs never change
configuration.

Things are SO much easier with Linux...


--
"When a true genius appears in the world, you may know him by this sign,
that the dunces are all in confederacy against him."

Jonathan Swift.

The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

On 03/12/2016 16:28, Freddy wrote:
On 03/12/2016 16:03, John Rumm wrote:
On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at
it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and
torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX
CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?


Any help appreciated

You can add multiple IP addresses to a network interface, and so could
add your and address on your plasma PC's subnet to one of the other
machines. That would then let the plasma PC see shared folders etc on
the other PC, but it would not have access to the wider network. That
would give you very controlled access to the LAN basically using another
machine as a stepping stone.

On a simpler level you could manually set the IP address and netmask on
the plasma PC to be on your main subnet, but don't set a default
gateway. Then it would be able to access LAN resources freely, but not
be able to route outside of the LAN.

What John say is correct, but if you letting it access other devices
you open yourself up to viruses / malware, and without patches or
antivirus updates your plasma cutter pc may stop working... be careful

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Have just bought an Asus RT-AC68u router to replace my crap Virgin Super
Hub, in this under parental controls you can time limit internet access
via mac address but maintain network access which I do for my son, so if
you extend the time limit for a full 24hrs your cutter will be (cut) of
from the Internet

On 03/12/16 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

Shouldn't be a problem adding a second IP address to a windows Ethernet
interface.

At well as knobling the gateway 'next hop' address, there are settings
inside 'windows firewall' that could also be used to block all non-LAN
internet traffic (but do ya trust Microsoft not to have a secret bypass
to that?)

You may also want to disable the PC's IPv6 ability, if your router has
any bright ideas on connecting with that.

--
Adrian C

On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

Much depends on the workflow. They may be no reason or desire to allow
updates on the plasma PC. Chances are he has a working solution and
wants a fixed configuration, but at the same time an easy way of moving
gcode files etc to the plasma controller.

If the only thing the network connection is being used for is shifting
data files, by reading them from a shared drive, then there is little
risk to that PC.

I have a client with a similar requirement for his Non Linear video
editing platform. It has an ethernet connection to his office PC and
that is multihomed, so that the NLE PC can only see the other machines
shared drive, but has no direct internet or LAN access.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

already said he does not want that in the original post, and without
internal deployment servers there is no other way to have updates with
out an internet connection

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On 03/12/2016 16:49, The Natural Philosopher wrote:
On 03/12/16 16:28, Freddy wrote:
but if you letting it access other devices you open yourself up to
viruses / malware, and without patches or antivirus updates your plasma
cutter pc may stop working... be careful

Clone its hard drive.

And keep it as a spare.

That's assuming you cant e.g. run the windows inside a virtual machine,
and take a 'snapshot' of it.

Most of these 'I am there to drive a bit of hardware' PCs never change
configuration.

Things are SO much easier with Linux...


too many issues doing that

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On 03/12/2016 17:42, John Rumm wrote:
On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

Much depends on the workflow. They may be no reason or desire to allow
updates on the plasma PC. Chances are he has a working solution and
wants a fixed configuration, but at the same time an easy way of moving
gcode files etc to the plasma controller.

If the only thing the network connection is being used for is shifting
data files, by reading them from a shared drive, then there is little
risk to that PC.

I have a client with a similar requirement for his Non Linear video
editing platform. It has an ethernet connection to his office PC and
that is multihomed, so that the NLE PC can only see the other machines
shared drive, but has no direct internet or LAN access.


I can understand the first part. However the 2nd part of your post is my
view is plain wrong have you ever been involved in large networks with
10s of thousdans of machines. DO you know and how quickly malware can
spread if patching etc is not in place.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On 03/12/2016 17:14, Huge wrote:
On 2016-12-03, Freddy wrote:

[36 lines snipped]

What John say is correct, but if you letting it access other devices you
open yourself up to viruses / malware, and without patches or antivirus
updates your plasma cutter pc may stop working... be careful

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Not that I'm going to take anti-virus advice from someone doing this


idiot, more intrested that complaining about footers than trying to help
people.


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?

The easy way is too set a static IP on the subnet and don't set the
gateway to the router.

Better is to also block that static address from inbound and outbound
traffic in the firewall rules.

"John Rumm" wrote in message
o.uk...

On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

Much depends on the workflow. They may be no reason or desire to allow
updates on the plasma PC. Chances are he has a working solution and wants a
fixed configuration, but at the same time an easy way of moving gcode files
etc to the plasma controller.

If the only thing the network connection is being used for is shifting data
files, by reading them from a shared drive, then there is little risk to
that PC.

I have a client with a similar requirement for his Non Linear video editing
platform. It has an ethernet connection to his office PC and that is
multihomed, so that the NLE PC can only see the other machines shared
drive, but has no direct internet or LAN access.



John has it in a nutshell

Andrew

On 03/12/2016 18:12, Freddy wrote:
On 03/12/2016 17:42, John Rumm wrote:
On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

Much depends on the workflow. They may be no reason or desire to allow
updates on the plasma PC. Chances are he has a working solution and
wants a fixed configuration, but at the same time an easy way of moving
gcode files etc to the plasma controller.

If the only thing the network connection is being used for is shifting
data files, by reading them from a shared drive, then there is little
risk to that PC.

I have a client with a similar requirement for his Non Linear video
editing platform. It has an ethernet connection to his office PC and
that is multihomed, so that the NLE PC can only see the other machines
shared drive, but has no direct internet or LAN access.


I can understand the first part. However the 2nd part of your post is my
view is plain wrong have you ever been involved in large networks with
10s of thousdans of machines.

Perhaps I misunderstood, but I thought the OP was talking about a home
network with a few machines at most?

What is appropriate advice for one circumstance may not be for another.

DO you know and how quickly malware can
spread if patching etc is not in place.

If none of the network machines can access the plasma PC (i.e. we are
only enabling the plasma PC to reach out to a shared folder on one other
machine), then the main risk comes down to the user on that machine
running an infected binary that they have placed into the shared folder
on the "gateway" machine.

If the only thing you copy from the LAN machine are gcode files for the
plasma cutter, then I can't see much risk.

If one wants to patch the plasma machine, then doing that offline using
WSUS[1] update would seem like a more sensible option. There is
certainly no need to allow windows update lose on it.

(Perhaps less so with a plasma table, but keep in mind that CNC setups
may take tens of hours per run, and the last thing you need is a windows
or virus scan update messing with it half way through a job)


[1] http://download.wsusoffline.net/


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 03/12/2016 18:07, Freddy wrote:
On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

already said he does not want that in the original post, and without
internal deployment servers there is no other way to have updates with
out an internet connection

http://download.wsusoffline.net/

;-)


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

"John Rumm" wrote in message
o.uk...

On 03/12/2016 18:12, Freddy wrote:
On 03/12/2016 17:42, John Rumm wrote:
On 03/12/2016 16:52, Andy Burns wrote:
The Natural Philosopher wrote:

without patches or antivirus updates your plasma
cutter pc may stop working

I suspect he will allow it to have updates, but just wants to be sure
they don't interrupt a plasma cutting session ...

Much depends on the workflow. They may be no reason or desire to allow
updates on the plasma PC. Chances are he has a working solution and
wants a fixed configuration, but at the same time an easy way of moving
gcode files etc to the plasma controller.

If the only thing the network connection is being used for is shifting
data files, by reading them from a shared drive, then there is little
risk to that PC.

I have a client with a similar requirement for his Non Linear video
editing platform. It has an ethernet connection to his office PC and
that is multihomed, so that the NLE PC can only see the other machines
shared drive, but has no direct internet or LAN access.


I can understand the first part. However the 2nd part of your post is my
view is plain wrong have you ever been involved in large networks with
10s of thousdans of machines.

Perhaps I misunderstood, but I thought the OP was talking about a home
network with a few machines at most?

What is appropriate advice for one circumstance may not be for another.

DO you know and how quickly malware can
spread if patching etc is not in place.

If none of the network machines can access the plasma PC (i.e. we are only
enabling the plasma PC to reach out to a shared folder on one other
machine), then the main risk comes down to the user on that machine running
an infected binary that they have placed into the shared folder on the
"gateway" machine.

If the only thing you copy from the LAN machine are gcode files for the
plasma cutter, then I can't see much risk.

If one wants to patch the plasma machine, then doing that offline using
WSUS[1] update would seem like a more sensible option. There is certainly
no need to allow windows update lose on it.

(Perhaps less so with a plasma table, but keep in mind that CNC setups may
take tens of hours per run, and the last thing you need is a windows or
virus scan update messing with it half way through a job)


[1] http://download.wsusoffline.net/



Yes, home network with about a dozen or so machines hung off it

Andrew

On 03/12/2016 13:27, Andrew Mawson wrote:
I have a PC running Windows 7 driving my plasma cutter table. At the
moment it is 'stand alone' ie NOT on my local network as I don't want
external interference from the likes of Microsoft poking up dates at it.
However I DO want to communicate with it from other PCs on my local
network.

As the Plasma PC uses Ethernet to talk to it's various drivers and torch
height controller, it is set up currently as 192.168.10.154 so is on a
different 'sub net' from the rest of my local network which is
192.168.1.XXX

The plasma PC has only one Ethernet card as do my other PC's.

Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?

Or is there some other way that I can access this PC from my network
without giving it access to the outside world?

Is there any way you can run a command line instruction just before any
cutting?

https://answers.microsoft.com/en-us/...a-d739209f5081

That and a blank gateway IP address should make things pretty safe.

I'd have thought it was simple. If its got a wifi adaptor, the unload its
drivers and tell it not to use this device in thehardware part of control
panel.
If its a wired oonly pc which most of my home ones are, theere is no wifi,
just a network cable, so it can be unplugged

Of course one place that infection can come from is the ramstick you bring
in your designs etc on, so one needs to be very careful.
Brian

--
----- -
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please!
"The Natural Philosopher" wrote in message
news
On 03/12/16 16:28, Freddy wrote:
but if you letting it access other devices you open yourself up to
viruses / malware, and without patches or antivirus updates your plasma
cutter pc may stop working... be careful

Clone its hard drive.

And keep it as a spare.

That's assuming you cant e.g. run the windows inside a virtual machine,
and take a 'snapshot' of it.

Most of these 'I am there to drive a bit of hardware' PCs never change
configuration.

Things are SO much easier with Linux...


--
"When a true genius appears in the world, you may know him by this sign,
that the dunces are all in confederacy against him."

Jonathan Swift.

On 04/12/2016 10:44, Brian Gaff wrote:
I'd have thought it was simple. If its got a wifi adaptor, the unload its
drivers and tell it not to use this device in thehardware part of control
panel.
If its a wired oonly pc which most of my home ones are, theere is no wifi,
just a network cable, so it can be unplugged

I think the point of the exercise was to maintain a LAN connection with
limited access, but not allow that machine internet access even if the
router provided it for the rest of the LAN.




--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

"John Rumm" wrote in message
o.uk...

On 04/12/2016 10:44, Brian Gaff wrote:
I'd have thought it was simple. If its got a wifi adaptor, the unload its
drivers and tell it not to use this device in thehardware part of
control
panel.
If its a wired oonly pc which most of my home ones are, theere is no
wifi,
just a network cable, so it can be unplugged

I think the point of the exercise was to maintain a LAN connection with
limited access, but not allow that machine internet access even if the
router provided it for the rest of the LAN.



Correct

Andrew

Andrew Mawson wrote:
Or is there some other way that I can access this PC from my network without
giving it access to the outside world?

People have suggested various options which amount to mis-configuring things
so they can't talk. That's a bit fragile because if they manage to
successfully configure (eg make a DHCP request) then it'll blow through the
'protection'.

If you want actual segregation, you have a couple of options:

1) buy a second ethernet interface for the PC. USB ones are a few quid.
Make sure the PC doesn't have 'internet connection sharing' turned on.

2) if you can't have another interface or don't want extra wiring, it's
possible to emit packets with VLAN tags. You can make two virtual
interfaces, one for the cutter and one for the rest - the cutter has a
specific VLAN tag on it. A VLAN (802.1q)-enabled switch (eg [1]) will allow
you to split up the traffic so tagged packets go to one port (the cutter)
and untagged go to the rest.

The second approach is the 'enterprise' way of doing this - it scales to
make larger systems with many overlapping networks over the same physical
cabling. It's much more sustainable than short-term hacks.

Theo

[1] They're pretty inexpensive at the bottom end these days - 25 quid:
http://www.ebuyer.com/641041-tp-link...itch-tl-sg108e

On 04/12/16 12:03, John Rumm wrote:
On 04/12/2016 10:44, Brian Gaff wrote:
I'd have thought it was simple. If its got a wifi adaptor, the unload its
drivers and tell it not to use this device in thehardware part of
control
panel.
If its a wired oonly pc which most of my home ones are, theere is no
wifi,
just a network cable, so it can be unplugged

I think the point of the exercise was to maintain a LAN connection with
limited access, but not allow that machine internet access even if the
router provided it for the rest of the LAN.




Which is all about configuration, no matter how you achieve it, and any
configuration is as fragile as any other really.



--
How fortunate for governments that the people they administer don't think.

Adolf Hitler