Prev: Local Settings folder and Outlook data files
Next: simple home lan problems
From: NoSpam on 16 Feb 2005 19:25
Machine 1: XP-Home, SP2
Machine 2: 98SE
Machine 3: 98SE
DSL Modem: Netopia Cayman 3341 (CenturyTel)
Router: Looking for recommendations

Situation: Recently went from dial-up on Machine 1 (which
provided ICS to Machine 2) to DSL on Machine 1.

Desired configuration:
DSL modem => Router w/Ethernet switch => Machines 1-3.
(Machines 1 & 2 will be wired via Ethernet; Machine 3 will be
wireless. So, I'm considering something like the Microsoft MN-700
for the router.) Machines 1-3 all need Internet access. Machines
1 & 2 need to have complete, unfettered file and printer sharing
with each other (entire hard drives fully shared). Machine 3
*must* be blocked from accessing the shared files and printers on
Machines 1 & 2.

How can this be accomplished? Can the router be configured to
selectively block one machine's access to another machine's
shared devices? Can some software firewall (ZoneAlarm, etc.) do
this?

Many, many thanks for any help you can provide this neophyte!

P.S. - If this is not an appropriate newsgroup for this query,
please point me to a better one.
From: Chuck on 16 Feb 2005 21:28
On Thu, 17 Feb 05 00:25:00 GMT, nospam(a)SPAM_BE_GONE_capturingmemories.com
(NoSpam) wrote:

>Machine 1: XP-Home, SP2
>Machine 2: 98SE
>Machine 3: 98SE
>DSL Modem: Netopia Cayman 3341 (CenturyTel)
>Router: Looking for recommendations
>
>Situation: Recently went from dial-up on Machine 1 (which
>provided ICS to Machine 2) to DSL on Machine 1.
>
>Desired configuration:
>DSL modem => Router w/Ethernet switch => Machines 1-3.
>(Machines 1 & 2 will be wired via Ethernet; Machine 3 will be
>wireless. So, I'm considering something like the Microsoft MN-700
>for the router.) Machines 1-3 all need Internet access. Machines
>1 & 2 need to have complete, unfettered file and printer sharing
>with each other (entire hard drives fully shared). Machine 3
>*must* be blocked from accessing the shared files and printers on
>Machines 1 & 2.
>
>How can this be accomplished? Can the router be configured to
>selectively block one machine's access to another machine's
>shared devices? Can some software firewall (ZoneAlarm, etc.) do
>this?
>
>Many, many thanks for any help you can provide this neophyte!
>
>P.S. - If this is not an appropriate newsgroup for this query,
>please point me to a better one.

A NAT router, like the MN-700, blocks traffic between the internet (WAN) and the
computers (LAN). Between the computers, its just a switch. No blocking there.

A personal firewall, OTOH, like Zone Alarm can indeed be used to block access to
file sharing. Use static ip addresses on your computers, and you can indeed
specify file sharing with specific ip addresses only.

If you're going to use a wireless LAN, you should indeed use fixed ip addresses,
and configure computers 1 and 2 to share ONLY with each other. Protect them
from your wireless neighbors too.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net
From: Jack on 17 Feb 2005 00:56
Hi
Since Routers are very inexpensive to day (some are $10-$20 on sale/rebate)
buy two Routers.
Connect one Router to the DSL Modem and connect computer 3 to it. Connect
the second Routerýs WAN port to a regular port on the first Router and put
computer 1 and 2 on it.
Configure the segments as two independent Networks. All computers will be
able to access the Internet, but computer 3 will not access computers 1-2
since the Router NAT will block it. 1-2 would be able to access 3.
Jack (MVP-Networking).


"NoSpam" <nospam(a)SPAM_BE_GONE_capturingmemories.com> wrote in message
news:KvadndGIY43AeY7fRVn-vA(a)centurytel.net...
> Machine 1: XP-Home, SP2
> Machine 2: 98SE
> Machine 3: 98SE
> DSL Modem: Netopia Cayman 3341 (CenturyTel)
> Router: Looking for recommendations
>
> Situation: Recently went from dial-up on Machine 1 (which
> provided ICS to Machine 2) to DSL on Machine 1.
>
> Desired configuration:
> DSL modem => Router w/Ethernet switch => Machines 1-3.
> (Machines 1 & 2 will be wired via Ethernet; Machine 3 will be
> wireless. So, I'm considering something like the Microsoft MN-700
> for the router.) Machines 1-3 all need Internet access. Machines
> 1 & 2 need to have complete, unfettered file and printer sharing
> with each other (entire hard drives fully shared). Machine 3
> *must* be blocked from accessing the shared files and printers on
> Machines 1 & 2.
>
> How can this be accomplished? Can the router be configured to
> selectively block one machine's access to another machine's
> shared devices? Can some software firewall (ZoneAlarm, etc.) do
> this?
>
> Many, many thanks for any help you can provide this neophyte!
>
> P.S. - If this is not an appropriate newsgroup for this query,
> please point me to a better one.


From: Steve Winograd [MVP] on 17 Feb 2005 03:16
In article <KvadndGIY43AeY7fRVn-vA(a)centurytel.net>,
nospam(a)SPAM_BE_GONE_capturingmemories.com (NoSpam) wrote:
>Machine 1: XP-Home, SP2
>Machine 2: 98SE
>Machine 3: 98SE
>DSL Modem: Netopia Cayman 3341 (CenturyTel)
>Router: Looking for recommendations
>
>Situation: Recently went from dial-up on Machine 1 (which
>provided ICS to Machine 2) to DSL on Machine 1.
>
>Desired configuration:
>DSL modem => Router w/Ethernet switch => Machines 1-3.
>(Machines 1 & 2 will be wired via Ethernet; Machine 3 will be
>wireless. So, I'm considering something like the Microsoft MN-700
>for the router.) Machines 1-3 all need Internet access. Machines
>1 & 2 need to have complete, unfettered file and printer sharing
>with each other (entire hard drives fully shared). Machine 3
>*must* be blocked from accessing the shared files and printers on
>Machines 1 & 2.
>
>How can this be accomplished? Can the router be configured to
>selectively block one machine's access to another machine's
>shared devices? Can some software firewall (ZoneAlarm, etc.) do
>this?
>
>Many, many thanks for any help you can provide this neophyte!
>
>P.S. - If this is not an appropriate newsgroup for this query,
>please point me to a better one.

Here's a possibility:

1. Assign a static IP address to Machine 3 that's in the same subnet
as the router's LAN interface, but outside the scope of the router's
DHCP server. For example, if the DHCP server assigns
192.168.1.2-192.168.1.50, assign 192.168.1.100 to Machine 3.

2. To allow Internet access on Machine 3, manually set its DNS server
address to the router's LAN IP address or your ISP's DNS address.

3. Configure ZoneAlarm on Machine 1 and 2 so that only the DHCP
server's pool of addresses is in the Trusted zone.

I also like Jack's suggestion of using two routers.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
From: Newtechie on 17 Feb 2005 08:44
Hi Chuck,

What's OTOH?

Newtechie

"Chuck" <none(a)example.net> wrote in message
news:duv7111r2pp7s4j18aq5cer28kl2sqaa5l(a)4ax.com...
> On Thu, 17 Feb 05 00:25:00 GMT, nospam(a)SPAM_BE_GONE_capturingmemories.com
> (NoSpam) wrote:
>
>>Machine 1: XP-Home, SP2
>>Machine 2: 98SE
>>Machine 3: 98SE
>>DSL Modem: Netopia Cayman 3341 (CenturyTel)
>>Router: Looking for recommendations
>>
>>Situation: Recently went from dial-up on Machine 1 (which
>>provided ICS to Machine 2) to DSL on Machine 1.
>>
>>Desired configuration:
>>DSL modem => Router w/Ethernet switch => Machines 1-3.
>>(Machines 1 & 2 will be wired via Ethernet; Machine 3 will be
>>wireless. So, I'm considering something like the Microsoft MN-700
>>for the router.) Machines 1-3 all need Internet access. Machines
>>1 & 2 need to have complete, unfettered file and printer sharing
>>with each other (entire hard drives fully shared). Machine 3
>>*must* be blocked from accessing the shared files and printers on
>>Machines 1 & 2.
>>
>>How can this be accomplished? Can the router be configured to
>>selectively block one machine's access to another machine's
>>shared devices? Can some software firewall (ZoneAlarm, etc.) do
>>this?
>>
>>Many, many thanks for any help you can provide this neophyte!
>>
>>P.S. - If this is not an appropriate newsgroup for this query,
>>please point me to a better one.
>
> A NAT router, like the MN-700, blocks traffic between the internet (WAN)
> and the
> computers (LAN). Between the computers, its just a switch. No blocking
> there.
>
> A personal firewall, OTOH, like Zone Alarm can indeed be used to block
> access to
> file sharing. Use static ip addresses on your computers, and you can
> indeed
> specify file sharing with specific ip addresses only.
>
> If you're going to use a wireless LAN, you should indeed use fixed ip
> addresses,
> and configure computers 1 and 2 to share ONLY with each other. Protect
> them
> from your wireless neighbors too.
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
> My email is AT DOT
> actual address pchuck sonic net


 |  Next  |  Last
Pages: 1 2
Prev: Local Settings folder and Outlook data files
Next: simple home lan problems