a way to connect ONLY to the LAN?
Original Message
Name: cftmon
Date: January 19, 2008 at 10:30:31 Pacific
Subject: a way to connect ONLY to the LAN?
OS: Windows Vista
CPU/Ram: P4 1.9/1024
Model/Manufacturer: Dell
Comment: I have a file server that I run 24/7. For better security, I'd prefer to have it not connected to the Internet 24/7. Is there a way to have the file server connected to my network, but NOT connected to the Internet?
Response Number 1
Name: StuartS
Date: January 19, 2008 at 12:01:54 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: Pull out the piece of wire that connects you to the Internet via the modem. However, I suspect that the server is not a server but just another client on a Peer to Peer network and you want all the other computers on the network to have a connection. In this case the only way to do it is to use a fixed IP address and delete the gateway address in the TCP/IP configuration.

If it is in fact a file server then we need to know which server OS you are using and how you are connecting to the Internet. Saves a lot of guessing. Windows Vista is not a server OS.

Stuart
Response Number 2
Name: cftmon
Date: January 19, 2008 at 13:32:18 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: It's just an old AMD 1600 MHz computer with 3x750GB hard drives in it. I call it a file server. It runs Windows XP Pro SP2 and stores TV shows, DVDs, application installers, etc. It also has a printer connected to it so that all of the computers can share one printer. It connects to the internet like the 5 other computers: through a gigabit router connected to a cable modem. I just want it connected to my network so that the other PCs can see it, without exposing it to the dangers of the internet 24/7. If it goes down, it takes a lot of stuff with it.
Response Number 3
Name: jefro
Date: January 19, 2008 at 14:29:12 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: You are not making anything better. Any computer with access to the internet can infect your server. You have to make trusted computers on lan only and untrusted computers on internet only. There are ways to secure the connection quite well. That is not the issue. The issue is how to prevent data loss. The only way to be sure is to nuke it from high orbit. It cannot be allowed any direct or indirect access. If you insist then consider ssh or other types of VPN access or even remote desktop wouldn't be that bad. At least with RDP you are somewhat insulated.
I read it wrong and answer it wrong too. So get off my case you peanut.
Response Number 4
Name: Jeruvy
Date: January 21, 2008 at 13:29:30 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: If the file server is only connected to a LAN WITHOUT internet access that would be the simple solution. Let's say you have a PC that needs access to your LAN and the Internet. Install two network adapters in the PC. Configure one to connect to the internet, and the other one to your LAN. Now you have the best of both worlds. Do not 'bridge' or otherwise link the two adapters or you will now provide the internet connectivity you did not wish for.

Of course any computer you connect to your LAN 'with internet' access could potentially be compromised, but with good security measures on your internet PC (and good malware protections, AV, firewall, etc.) then you should be ok. Using RPN, SSH, etc. etc. are good ideas also but this may be a simpler solution to installing a bunch of software and not changing the actual network setup. If there is ever a concern you could restrict the LAN to certain PC connections also...

J.
j e r u v y a t y a h o o d o t c o m
Response Number 5
Name: wanderer
Date: January 22, 2008 at 13:37:32 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: "Is there a way to have the file server connected to my network, but NOT connected to the Internet?"

My goodness. This is simple. Simply remove the gateway entry from the static ip setting in tcp/ip properties. Now it's off the internet.

Or configure the windows or other software firewall to only trust the local subnet and lock out the internet [zonealarm can do this - not sure of the windows firewall].

If you really want security without the hassle of the above, install netbeui on all pcs and make this server ONLY have netbeui. The others will be able to access but it will have no internet and can't be touched by the internet since the internet can't talk in netbeui protocol language. You would have to get this off the xp cd under extras if I recall correctly.

Imagine the power if you knew how to internet search
Response Number 6
Name: Jeruvy
Date: January 23, 2008 at 10:15:28 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: Why would you consider installing a deprecated protocol like netbeui? That would reduce security not improve it.

Removing the gateway only removes your 'path', not your connectivity. The machine would still have internet connectivity regardless of the protocols (it may or may not work...). NAT is still working for anything that is physically connected to a router unless your router can (and is) configurable to its NAT table. I hazard most unmanaged devices would lack such capability. If DHCP is used (again, typical of most routers setup) then you have no potential to make this happen.

J.
j e r u v y a t y a h o o d o t c o m
Response Number 7
Name: wanderer
Date: January 24, 2008 at 13:53:05 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: "Why would you consider installing a deprecated protocol like netbeui? That would reduce security not improve it."

You are misinformed. This is actually an old trick for securing a MS SQL server and the principle is the same that by removing all other protocols and talking in a nonrouting protocol you have no chance of internet touching your machine.

"Removing the gateway only removes your 'path', not your connectivity. ... NAT is still working for anything that is physically connected to a router unless your router can (and is) configurable to its NAT table."

Again you are misinformed. You are confusing physical access with protocol access. You remove the gateway, traffic is restricted to only the local lan. The local tcp/ip stack has no place of last resort to push the packet i.e. gateway. No gateway there is no nat, there is no internet access. You can easily confirm this with a ping test. Take your gateway out and try pinging google.com.

no gateway = no nat

"The machine would still have internet connectivity regardless of the protocols (it may or may not work...)"

Really? You might want to review your networking a bit. Only protocol you can get on the internet with is tcp/ip which also is the protocol NAT uses. No tcp/ip no internet no nat. Netbeui is not routable. Clarify things for you?

Imagine the power if you knew how to internet search
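The next-hop decision argued over in the posts above (static IP, default gateway present or removed), modelled as an added example that is not part of the original thread. The addresses are constructed (a 192.168.1.0/24 LAN, 203.0.113.10 standing in for an Internet host), and `build_routes`, `next_hop` and `reachability` are hypothetical helper names.

```python
import ipaddress

def build_routes(addr, mask, gateway=None):
    """Routes a host derives from its static TCP/IP properties."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    routes = [(iface.network, "on-link")]      # connected subnet, always present
    if gateway:                                # the "default gateway" field
        routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match. None means the stack has no route to dest."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if dest in net]
    if not matches:
        return None
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    # On-link destinations are delivered directly (ARP for the peer itself).
    return str(dest) if hop == "on-link" else hop

def reachability(addr, mask, gateway, peers):
    """Map each named peer to the next hop the host would use for it."""
    routes = build_routes(addr, mask, gateway)
    return {name: next_hop(routes, ip) for name, ip in peers.items()}

# Constructed sample network: file server at 192.168.1.50, router at .1.
PEERS = {
    "lan_pc": "192.168.1.20",
    "router": "192.168.1.1",
    "internet_host": "203.0.113.10",   # documentation range, not a real host
}
WITH_GW = reachability("192.168.1.50", "255.255.255.0", "192.168.1.1", PEERS)
NO_GW = reachability("192.168.1.50", "255.255.255.0", None, PEERS)

if __name__ == "__main__":
    for label, result in (("gateway set", WITH_GW), ("gateway removed", NO_GW)):
        print(label)
        for name, hop in result.items():
            print(f"  {name:14} -> {hop or 'no route'}")
```

The same lookup governs replies, so in this model the server cannot answer a packet whose source is an Internet address. Every LAN PC, including one that is itself online, still reaches the server on-link.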
Response Number 8
Name: Jeruvy
Date: January 28, 2008 at 12:05:06 Pacific
Subject: a way to connect ONLY to the LAN?
Reply: "You are misinformed. This is actually an old trick for securing a MS SQL server and the principle is the same that by removing all other protocols and talking in a nonrouting protocol you have no chance of internet touching your machine."

I'm afraid this 'trick' is non-standard and for purposes of this OP it would probably work. I'm not about to test it. But you are misinformed. You do not improve security with the protocol since its implementation on the hardware is outdated. Since NETBEUI is actually transported on NETBIOS which is implemented on the TCP/IP stack that Windows uses (also samba). This cannot be disabled, and without active perimeter filtering it can be routed, although improperly. As such you open the door to risks associated with an unpatched protocol on insecure hardware thanks to the transport mechanisms in windows. This is not a new exploit method.

"No gateway there is no nat, there is no internet access. You can easily confirm this with a ping test. Take your gateway out and try pinging google.com."

This is an obviously misguided statement. NAT does not translate private IP space past the router "unless" RIP is implemented in some form. However this argument is really moot since it's detracting and complicating a fairly simple process.

J.
j e r u v y a t y a h o o d o t c o m