How to allow only internet access to wireless clients?

You get a personal firewall/personal packet filter on the workstation and block all LAN IP(s). (LAN IP(s) are those IP(s) that can be used or issued to machines connected to the router wired or wireless. You set rules with the PFW/PPF to block all LAN IP(s), except for the two machines on the LAN you want to share resources with each other.

For the server, you'll need a server class software FW on that machine.

Here are some other tips to protect the Windows O/S from attack on the LAN, assuming the machines are Windows XP, Windows 2K, Win 2K3. or Vista.

IPsec is on Vista Home Premium. I have not applied the AnalogX rules to Vista, but that will happen soon for this laptop running Vista's FW on a dial-up.

On 23 Apr 2007 05:11:34 -0700, dbasedos wrote in :

You need wireless-to-wired isolation, ideally by getting a wireless router with that feature. (See hotspot routers in the wikis below.)

An alternative is to setup VLAN separation in DD-WRT firmware running on a suitable wireless router platform.

Yet another alternative is to use three low-end (cheap) routers:

+----------+ | Wired | | Router | +--+----+--+ | | +-----+ +------+ | | +-----+----+ +-----+----+ | Wired | | Wireless | | Router | | Router | +----------+ +----------+

That puts everyone on "double NAT" which generally works well, although it can break some (older) network apps.

This answer was cut and pasted from an earlier post to this newsgroup by me. Your question is also answered in the wikis below. Please always check to see if your question is already answered _before_ posting it.