Prevent connection to specific IP on specific connection
Here's the problem. I have two network connections on my DEV machine.
LAN - Connects to the building network and internet. IP is assigned by DHCP and is 192.168.30.XX.
LOCAL - Connects to a switch, which has one TEST machine. IP is 192.168.25.100. And the test machine is at 192.168.25.2.
Right now I remotely reboot the TEST machine, then ping to see when it's come back up.
Problem is, yesterday someone (probably accidentally) added a machine to the building LAN that has an IP of 192.168.25.2, so now when my TEST machine is rebooted and I ping for it, I get a response from this remote machine on the LAN, my software thinks the TEST machine is back up, and tries to log in. This obviously fails, because it's not the TEST machine responding, and it's still mid-reboot.
My question is, how do I either:
- prevent all requests for 192.168.25.2 from going out over LAN, or
- force all requests for 192.168.25.2 to go out over LOCAL
UPDATE: I think the best solution would be to modify the routing table so that packets to 192.168.25.2 are blocked over one interface, and statically routed over the other.
Thing is, while I can add a static route using this:
route add 192.168.25.2 mask 255.255.255.255 192.168.25.100
Windows will still automatically fail back to the LAN and attempt to ping there if that static route fails.
Is there a way of blocking traffic to a specific interface or gateway within the routing table?
Not sure why I didn't think of this earlier, but the simplest solution is to just create a custom rule within the windows firewall to block connections to/from the specified IP, on a certain interface or connection type.
UPDATE: Doesn't really solve the problem either. This just causes pings to come back as "General Failure", rather than as a timeout or destination unreachable. "General failure" causes an exception in C#, and I'd have to write a handler to catch it.
Again, I COULD write an exception handler, but that isn't very elegant.
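As an added example (not part of the original question or answers), the same idea expressed in PowerShell: a /32 on-link route for the TEST address via LOCAL, a firewall block for that address on LAN, and a check that the stack really picks LOCAL for it. It assumes the adapters are named LAN and LOCAL as in the question, and that the NetTCPIP/NetSecurity cmdlets of Windows 8 / Server 2012 or later are available.

```powershell
# Added example, not code from the original post. Assumes adapter aliases
# LAN and LOCAL as described in the question; run from an elevated prompt.
$TestHost   = '192.168.25.2'
$LocalAlias = 'LOCAL'
$LanAlias   = 'LAN'

# 1. Host route (/32) to TEST, on-link via the LOCAL adapter, with the lowest
#    metric so it always wins over the broader routes installed for LAN.
$localIf = Get-NetAdapter -Name $LocalAlias
New-NetRoute -DestinationPrefix "$TestHost/32" `
             -InterfaceIndex $localIf.ifIndex `
             -NextHop 0.0.0.0 `
             -RouteMetric 1 `
             -PolicyStore PersistentStore

# 2. Block anything addressed to TEST that would still leave via LAN.
#    As the question notes, a firewall block makes ping report
#    "General failure" instead of a timeout, so handle that in the caller.
New-NetFirewallRule -DisplayName "Block $TestHost via $LanAlias" `
                    -Direction Outbound -Action Block `
                    -RemoteAddress $TestHost `
                    -InterfaceAlias $LanAlias

# 3. Verify which interface the stack will actually use for TEST.
$ifUsed = Find-NetRoute -RemoteIPAddress $TestHost |
          Select-Object -ExpandProperty InterfaceIndex -Unique
if ($ifUsed -ne $localIf.ifIndex) {
    throw "Traffic to $TestHost would leave via ifIndex $ifUsed, not $LocalAlias"
}

# 4. Show who is actually answering on LOCAL: the learned MAC should be the
#    TEST machine's, not an unknown host's. (Compare against the MAC you
#    recorded for TEST; that value is site-specific and not given here.)
Get-NetNeighbor -InterfaceAlias $LocalAlias -IPAddress $TestHost |
    Select-Object IPAddress, LinkLayerAddress, State

# 5. A single reachability probe, now constrained to the LOCAL path.
Test-Connection -ComputerName $TestHost -Count 1 -Quiet
```

Remove-NetRoute and Remove-NetFirewallRule with the same prefix/display name undo steps 1 and 2 if the route or rule is no longer wanted.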
If someone 'added a machine' onto the network and gave it a static IP address outside of the DHCP scope then they're probably experiencing other problems too... Not being able to connect to printers/other machines/other odd problems due to being on a different subnet. Find out who this person is and set up their PC correctly (i.e. on DHCP!).
Check your server that the DHCP scope is set correctly, then see if there is a lease for the 'rogue' PC. Expire it if found. Then add DHCP exceptions for the PCs you want to use on a different subnet, if they are not already present. Might be a good idea to flush the DNS on the server after doing any of this too.
If you're not the network administrator then get them involved - people shouldn't be setting up PCs on your network if they don't know how to do it!
As you've already figured out, the best way to block an IP address is to add it into the Firewall; you could also add exceptions into the Firewall too...