Hi,
I have a 2008R2 Server with two NICs. One is connected directly to the WAN and the second NIC is connected to the internal LAN network. The server is running DHCP, DB and proxy on the internal network. However, there was a need to connect some computers with specific IPs directly to the Internet without using the proxy. So we have added the RRAS role to the server, so the server now acts as the gateway for everyone in the network. Is there any way to block forwarding between NICs for specific IPs while still allowing them to access the server's proxy, which handles the authentication and access to allowed sites on a username/password level?
WAN: 10.0.0.10 255.255.255.0 gateway 10.0.0.1 DNS 10.0.0.1
LAN: 192.168.1.1 255.255.255.0
Example:
Everyone on the LAN who connects and asks for an IP via DHCP will be able to access all services on 192.168.1.1 (local db, proxy, etc.), but will be blocked from accessing the WAN directly. If the IP is on the allowed list, it will be allowed to access the WAN directly without needing to use the proxy on 192.168.1.1.