MacProUser9

Q: How do I disable internet access for one computer on a LAN?

I have two Mid 2012 Mac Pros connected by an Airport Extreme. I would like one of them (on which I edit video projects) to remain on my LAN, but off the internet to protect it better from trojans, viruses, etc..

 

Does anyone know the step-by-step procedure to set that up? One computer is on OS X 10.11.3, the one I'd like to keep off the internet is running 10.8.5

Mac Pro, OS X Mountain Lion (10.8.5)

Posted on Apr 23, 2016 10:31 AM

Close

Q: How do I disable internet access for one computer on a LAN?

  • All replies
  • Helpful answers

  • by Grant Bennet-Alder,

    Grant Bennet-Alder Grant Bennet-Alder Apr 23, 2016 10:34 AM in response to MacProUser9
    Level 9 (60,971 points)
    Desktops
    Apr 23, 2016 10:34 AM in response to MacProUser9

    1. turn off Wi-Fi

    2. Pull out the Ethernet cable.

    3. Done

  • by lllaass,Helpful

    lllaass lllaass Apr 23, 2016 12:24 PM in response to MacProUser9
    Level 10 (188,994 points)
    Desktops
    Apr 23, 2016 12:24 PM in response to MacProUser9

    Go into the Airport Extreme settings and disable internet access for that one device. You identify a device by the MAC addresses for wifi and Ethernet MAC addresses

  • by MacProUser9,

    MacProUser9 MacProUser9 Apr 23, 2016 12:23 PM in response to lllaass
    Level 1 (4 points)
    Desktops
    Apr 23, 2016 12:23 PM in response to lllaass

    Thanks for your reply. Are you talking about using the Airport Utility? Both of these computers are connected to the Airport router via ethernet cable.

    My goal is to keep them both on the same network, so data can be transferred from one to another, but with internet access disabled for one.

  • by lllaass,

    lllaass lllaass Apr 23, 2016 12:36 PM in response to MacProUser9
    Level 10 (188,994 points)
    Desktops
    Apr 23, 2016 12:36 PM in response to MacProUser9

    Yes, you use AirPort Utility. It should ( I do not have a AirPort router but all the other routers I have had has the capability to  have internet access restricted to a schedule which you define. it may be under parental controls or similar since it is typically used to restrict internet access to kid's devices.

    You enter in the Airport utility settings the MAC address of the devices you want to restrict. If you go to Network Preferences>Ethernet>Advanced>Hardware the MAC address is listed. Yu have to use the MAC address for the Ethernet port that is connect to your network. The Mac Pro has two Ethernet ports and MAC addresses.

  • by Grant Bennet-Alder,

    Grant Bennet-Alder Grant Bennet-Alder Apr 23, 2016 12:46 PM in response to lllaass
    Level 9 (60,971 points)
    Desktops
    Apr 23, 2016 12:46 PM in response to lllaass

    If that does not accomplish what you want, you could also use Parental Controls on an account-by-account basis.

     

    Under the Web heading, you can limit Web access to only a Whitelist of sites -- then leave the list blank.

  • by lllaass,

    lllaass lllaass Apr 23, 2016 12:59 PM in response to MacProUser9
    Level 10 (188,994 points)
    Desktops
    Apr 23, 2016 12:59 PM in response to MacProUser9
  • by Grant Bennet-Alder,

    Grant Bennet-Alder Grant Bennet-Alder Apr 23, 2016 1:02 PM in response to lllaass
    Level 9 (60,971 points)
    Desktops
    Apr 23, 2016 1:02 PM in response to lllaass

    Another way to do this is to Manually provide an IP Address in the correct range (so as to be reachable back and forth from the other computer) but make sure the Router address provided remains BLANK.

     

    That way, it can talk directly to the other machine, but when there is Internet traffic, it has no Router to act as its agent on the Internet.

  • by Linc Davis,

    Linc Davis Linc Davis Apr 23, 2016 6:12 PM in response to MacProUser9
    Level 10 (207,990 points)
    Applications
    Apr 23, 2016 6:12 PM in response to MacProUser9

    To be quite honest, what you're trying to do doesn't make any sense, but that wasn't the question. The only way to allow access to the local network while denying access to the Internet is to use the built-in packet filter. It has no user interface and is very difficult to configure. Your only realistic chance of using it is to install a third-party front end. I don't have a specific recommendation. You would have to search for terms such as "ipfw firewall" and "OS X." As always with third-party software, research it carefully before trusting it.

  • by BobHarris,

    BobHarris BobHarris Apr 23, 2016 6:29 PM in response to MacProUser9
    Level 6 (19,479 points)
    Mac OS X
    Apr 23, 2016 6:29 PM in response to MacProUser9

    If you are going to setup a manual IP address, you will need to provide an IP address for the router field.  But you want to provide an address that is not assigned to any devices in your LAN, and it should be outside the Airport Extreme's DHCP address range so that nothing gets accidentally assigned to that IP address in the future.

     

    System Preferences -> Network -> Advanced -> TCP/IP

    Screen Shot 2016-04-23 at 9.15.04 PM.png

    This does work.  I tried it on my Macbook Pro.  I was able to access other system in my home LAN, but I could not access anything outside my LAN.

  • by Grant Bennet-Alder,

    Grant Bennet-Alder Grant Bennet-Alder Apr 23, 2016 6:56 PM in response to BobHarris
    Level 9 (60,971 points)
    Desktops
    Apr 23, 2016 6:56 PM in response to BobHarris

    Just Don't use the very last address in the range -- it is a magical address that does a broadcast to every device in the range. It might be weird.