I currently have setup a DSL modem connected to a linksys router and have the connection going out to 3 computers. one windows 2k professional, one Mac OSX, and one Mac OS9. Yes I know macs suck, they aren't my choice either, but for where this is I can't change that.

This setup is at a movie theatre, and the windows machine is what the managers use, and what runs all the terminals in the lobby. Anyway what I need to do is set it up that the Win2k machine can not surf the web, but can have outgoing transmissions still work. The reason for this is that I need the windows machine to be able to send out credit card transactions and recieve the responses, but I don't want the managers wasting time in their office surfing the web.

The two Macs need no form of limitations as those are for the general manager/owner, and his secretary to work.

The model of the router is BEFW11S4 I believe. The reason for the wireless is that there will eventually be a laptop for the general manager that will have a wireless card in it so he can go around the building to all the projectors and configure them and still be online.

Any help or pointers in where to look online for a setup like this would be helpful.
Thanks

If you want to block the traffic at the router. ->Right now im not on a network served by one of my linksys routers. So i dont know the exact names of the tabs. But the process should be as follows. Go into the router..you know 192.168.2.1 or something like that. Click the advanced tab (should be all the way to the right) Find a tab that has something about Port Filtering/ Traffic Filtering/ Port Blocking....Here you should be able to block a port range from 80-80, All Http traffic runs on port 80, so blocking this ports upstream and downstream would effectively make the internet unbrowsable. I think that you can assign these filters to certain ip addresses on the network (someone correct me if I'm wrong) So, assign all these port filters to the internal ip address of the win2k computer.

If you ONLY want to allow the ports that you send your credit card info, block the port range from 0-5000 but leave a gap for the port that you send need to be active to send and recieve credit card info. (ie. say you need port 277 to work, block the ranges 0-276 and 278-5000) This should eliminate all traffic over your network other than the traffic you need.

If it turns out you cannot block port ranges for a specific ip address on your router, first make sure you have updated the firmware, and if that still doesnt work. You might want to look at software firewalls that have password protection. Like netnanny or something like that.

you could try going into IE connection properties and subbing a fake bs IP addy for the x's.
it would shut down IE very well!!!

if your place uses DHCP, individual port blocking is useless