OK, here's the situation:

I have on my network a server that I'll call serv1 for now. serv1 is an NT primary domain controller for the entire network. Serv1 also has Microsoft Proxy Server 2.0 installed and is serving internet access for the whole network.

On the other side of the building we have an electronics classroom with about 25 machines in it. The problem that I need help with is figuring out how to allow those machines on the network without allowing them internet access.

I can't do it via user permissions 'cause the kids that go through there also use machines in other labs where they legitimately need the internet. I can't do it with security software or anything like that because in that class the kids learn how to reinstall Windows, take systems apart, etc.

The only thing I've come up with so far is to set up a Linux box between that lab and the rest of the network. I know Linux does routing and all that junk, as I've used it before to serve internet connections, but I've never used it for anything like this before. I could then set up Linux to not allow connections to serv1 on port 80 (where the proxy listens). This should allow them to authenticate and do anything else on serv1, but not allow proxy connections. I don't see why it wouldn't work, but I wanted to see what you guys and gals came up with first.

The network is all 10/100 Mbit and the only protocol in place is TCP/IP. Thanks a lot guys!!!
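
The filtering plan described in the post above, sketched as an added example that is not part of the original post: a shell function that emits an `iptables-restore` ruleset for the Linux box routing between the lab and the rest of the network. The choice of iptables, the function name `lab_ruleset`, and the sample addresses are assumptions; port 80 is the proxy port the post names.

```shell
#!/bin/sh
# Added example: ruleset for the Linux router between the lab and the LAN.
# Assumes iptables is the packet filter and that the box already forwards
# packets (net.ipv4.ip_forward=1). Addresses below are constructed samples.

# lab_ruleset LAB_NET SERV1_IP [PORT ...]
# Prints a filter-table ruleset that rejects lab -> serv1 TCP on each port
# (default 80, where the post says the proxy listens) and forwards
# everything else, so domain logons and file access to serv1 keep working.
lab_ruleset() {
    [ $# -ge 2 ] || { echo "usage: lab_ruleset LAB_NET SERV1_IP [PORT ...]" >&2; return 2; }
    lab_net=$1; serv1=$2
    shift 2
    [ $# -gt 0 ] || set -- 80

    # Refuse anything that is not a port number, so a typo cannot
    # silently produce a ruleset that blocks nothing.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    done

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for port in "$@"; do
        match="-A FORWARD -s $lab_net -d $serv1 -p tcp --dport $port"
        # Rate-limited log line first, so blocked attempts are visible.
        echo "$match -m limit --limit 6/minute -j LOG --log-prefix \"lab-proxy-deny: \""
        # Reset instead of drop: lab browsers fail immediately, no timeout.
        echo "$match -j REJECT --reject-with tcp-reset"
    done
    echo 'COMMIT'
}

# Constructed sample: lab subnet 192.168.25.0/24, serv1 at 192.168.1.10.
lab_ruleset 192.168.25.0/24 192.168.1.10
```

Review the printed rules, then load them as root by piping the output to `iptables-restore`. Because the filter sits on the router rather than on the lab PCs, reinstalling Windows on a lab machine does not remove it.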