Wifi router behind switch in LAN

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Totally new to this, I would like to have a wifi router *in* my LAN so that
I can use my laptop wireless but still access shared drives inside my LAN.
So I bought an SMC wifi router and placed it behind a switch in my LAN.
Works great in that I can access internet this way with my laptop but I
cannot access shared drives.
I figure file-sharing is blocked ??
Accesssing the router's settings is overwhelming yet I can't seem to find
deliberate file-sharing disabled so I'm not sure ?
Any ideas on this ?

Also, as I want things to be secure (e.g. no other people in my LAN) I set
WPA protection with a passphrase.
That was the first thing I got to work, almost immediately so that itself
looks good but is this safe enough ?
And if so do you recommend I protect things differently ?




Re: Wifi router behind switch in LAN


Peter wrote:

Quoted text here. Click to load it
Generally for what you want, you would just attach an Access Point to
the LAN's router. By adding another router, you are on a separate
subnet. Accessing shares on the main network is a routing issue.

Can you turn off the routing functions of  the router [ that is, set it
to AP mode only]?

Re: Wifi router behind switch in LAN



On 10-Jun-2005, "Peter"

Quoted text here. Click to load it

As for you being unable to access your shared drives, you might want to
check the settings on software firewall.  That is usually the culprit. You
will probably have to make your laptop part of the firewall's trusted zone.
As for enabling encryption with WPA, that is always a plus.  Even if you
didn't have WPA, but only had WEP, enabling encryption is always a positive
thing.  Protecting your data is primary.  All traffic, via the airwaves, can
be sniffed, but deciphering the traffic takes time.  Therefore, I recommend
that you use a long nonsense passphrase. For example:

cXI-rkGKZT8i9SBMloPcY23KhMaZBdGu0QeLDAxj3OR9Az2mD5MqxB-DuNjHRIE
or
470304548342620537315623658097631058648389665325357964052645365e MAC address
filtering as another layer that a mischievous hacker must bypass.  All in
all, changing the default SSID, enabling encryption, MAC Address filtering,
frequent review of your logs and common sense internet surfing should
provide more than enough security.  One other thing, I don't recommend that
you share an entire hard drive. Create a folder for sharing and put
everything you'd like to share in it.  Anyway, I hope I was helpful. Take
care.

You can also enab
--
Just Me, D

Re: Wifi router behind switch in LAN


Forgive me for my typos. I've discovered that I have a defect of some sort
in my laptop's keyboard. For instance, I can be typing something on the
fifth line, then all of a sudden, I'm back to typing something on the third
line. My wife will not like it, but I'll use this minor inconvenience as a
way of purchasing a new laptop. Us guys must keep our toys up to date
(smile). Anyway, I apologize again for the typos.

--
Just Me, D

Re: Wifi router behind switch in LAN


smile ...
Not that your wife needs to know but ... I think this happens to more
people, I too have it once in a while.
Sometimes you're not aware that you move your thumb over the touchpad and
that then causes the cursor to jump to another location.
I used to have that often with my Dell, now with my Acer I haven't
experienced it yet.


-------------------------------------------------------
Quoted text here. Click to load it




Re: Wifi router behind switch in LAN


Thanks I will look into that.



Re: Wifi router behind switch in LAN



Quoted text here. Click to load it


To each their but why is the router connected to a switch? Why is the
swicth not connected to the router? Why is the router not the gateway
device for the LAN and WAN? What is the gateway device, which I must
assume is a computer ruuning ICS?
 
Quoted text here. Click to load it

I don't think you have things setup right or for some reason you decided
not to do it, IMHO. If the router were the gateway device for the WAN and
LAN even with the switch connected to it and machines conncectd to the
switch, the machines wire or wireless using the NAT router as the gateway
device would have no problems sharing resouces if the O/S(s) on the
machines were configured to share resources. The router being the gateway
device the machines would have better potection from attacks from the
Internet.

http://www.homenethelp.com/web/explain/about-NAT.asp
  
Quoted text here. Click to load it

http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

If you were using the router correctly as it being the gateway device for
the WAN and WAN and the router had logging capabilities, then you would
be able to enhance your secuirty by using a logviwer such as Wallwatcher
or others to review traffic to and from your network to make sure nothing
is dubious with connections to remoter IP(s).

http://www.sonic.net/wallwatcher/#Routers

Duane :)


Re: Wifi router behind switch in LAN


Quoted text here. Click to load it

Correct, a computer configured with Win2K
and a software firewall running on that computer

Quoted text here. Click to load it

If I put the wifi router between the modem and the LAN, and I connect with
my laptop via the wifi router ...
can I, with my laptop, then onto the LAN ??
That's why I did what I did, I think/thought that was the online possible
setup to be able to access shares from the LAN.

Peter




Re: Wifi router behind switch in LAN



On 10-Jun-2005, "Peter"

Quoted text here. Click to load it

Yes, connect your wireless router to the cable / DSL modem via the WAN port.
Your LAN is protected and is behind the firewall.  The wireless router will
then be the gateway for all of your PCs to access the internet.  In the
meantime, you may have to list the IP and / or MAC addresses of each PC in
the trusted zone of your software firewall.  This includes your wireless
device. If everything is set up correctly, you will be able to share files
and printers with each of your PCs safely behind the router's firewall
(provided you have file and print sharing enabled) as well as access the
internet.  Again, I hope this information is useful.  Take care.

--
Just Me, D

Re: Wifi router behind switch in LAN


At the moment I have a PC (Win2K) connected to the modem.  On that PC I run
a firewall and I have disabled file-sharing on the network card going to the
modem as an extra protection.  The second network card in that system goes
to the switches and connects all PCs together in a LAN. This PC runs the
DHCP services etc. making it possible for the PCs to obtain an IP and
connect to the internet etc.  The reason is that this same PC contains *all*
my data on a shared drive.  So that, no matter what PC I start, I can always
access all my important documents, pictures, outlook express database etc.

What you suggest would mean that I disable the firewall on that Win2K system
?  Is that correct ?
And set file-sharing on on the WAN netwerk card, correct ?

Somehow I feel not very comfortable with that ?
How trustable is the firewall in my wifi router etc. ... ?




Re: Wifi router behind switch in LAN



On 12-Jun-2005, "Peter"

Quoted text here. Click to load it

Sir, if you are using a router of some sort, it should have at least a NAT
and /or SPI firewall included. By connecting the router to the cable/dsl
modem you are separating the WAN (internet) from your LAN. The router will
provide each of your networked PCs with a "private" IP address that is
differnet from the assigned IP address provided to you by your ISP.  No one
on the WAN side of your router's firewall will have access to the data
within your network unless you provide them access.  So you see, unless you
have more than 4 networked PCs, you really don't need your independent
switch or second network card.  If your router, like most, comes with 4 LAN
ports, those ports will act as your switch.  In short, your router will
protect your network from inbound traffic. Many people use software
firewalls to monitor outbound traffic. Your network will be protected. As I
indicated in an earlier post, it is not recommended that you share an entire
drive. Create a shared folder and place everything you'd like to share in
it. As a safety precaution from determined hackers, what is not shared
cannot be accessed.

--
Just Me, D


Re: Wifi router behind switch in LAN



Quoted text here. Click to load it


I think the NAT router is a better protection solution for you as the
gateway device than the Win 2K machine.

Malware if it reaches the machine and can be executed can take down a
host based FW running at the machine level and expose your entire LAN.

The NAT router is a border device that is standalone and malware cannot
take it down and all machines set behind the NAT router are protected
from inbound threats.


If you have that Win2k machine as the gateway for the network with a
personal FW solution trying to protected it by *hardening* the O/S to
attack.

You should take note on using Authenticated User Group on *shares*. I
even do it on my Win XP pro machines that are sitting behind the gateway
FW appliance.

http://labmice.techtarget.com/articles/securingwin2000.htm

Duane :)

Re: Wifi router behind switch in LAN


Thanks D & D ;-)

I did what you suggested.  The router is now inbetween my modem and my PCs.
I have also enabled MAC address protection as an extra protection layer.
It all appears to work.

One more question.
Because of the various shares (sensitive data I WANT accessible on all PCs
at all time) I thought I could maye set a password on the shares as an
extra.
For when a friend visits with his laptop and wants to go online (after I add
his MAC address), but then can't access the various shares because he
doesn't have the password ...
However, I didn't find in the "Share" tab of properties an option to set a
password ?
I remember with Win98 you could do that (I think) ?
Or am I missing something ?

-------------------------------------------------------
Quoted text here. Click to load it




Re: Wifi router behind switch in LAN


Peter wrote:

Quoted text here. Click to load it

The Win 2K O/S is based on user accounts with a root administrator account
that has full access rights and other lessor access rights user accounts
that can be created by an Administrator user account. There are no password
protected directories or files on a NT based O/S. Furthermore, to implement
any user access rights for directories or files the NT file system (NTFS)
must be implemented and the proper access rights must be given to a
user-account.

I suggest you that you find out what the Convert command is about if the
file system is FAT or FAT32 using Google or Dogpile.com. how to set-up user
accounts on the NT based O/S with proper access rights, or set the account
up on the machine for the user you want to access a share and use the
Authenticated User Group account on shares, which means you created a user
account, you have removed all accounts off of the share and *added* the
Authenticated User Group account and the O/S will check the user-id in the
list of user accounts you have created on the Win 2K machine and will grant
access to the share because the O/S authenticated the user-id given and did
or didn't grant access to the share.

I also suggest you read some of the information in that link I provided on
how to secure a Win 2K O/S.

Quoted text here. Click to load it

You most likely could since it's a root based O/S with no security and
needed a psw to protect a share.

Win NT based O/S(s) such as NT 4.0, Win 2K, Win XP, Win 2K3 as opposed to
the Win 9'x and ME series are two different O/S(s) technologies.

There is a Win 2K Resource Kit book you can most likely check out at the
public library.

Duane :)

Re: Wifi router behind switch in LAN


<snipped>

On 12-Jun-2005, "Peter"

Quoted text here. Click to load it

It's been awhile since I've used W2k, but if I'm not mistaken, your friend
*might* be able to access your shares by logging in as a guest. If that is
indeed the case, I recommend that you password the guest account.

--
Just Me, D

Re: Wifi router behind switch in LAN


<snipped>

On 12-Jun-2005, "Peter"

Quoted text here. Click to load it

<snipped>

As an added note, I recommend that you visit
https://grc.com/x/ne.dll?bh0bkyd2 to check your router's defenses and to see
whether or not you unknowingly have any open ports.  Anyway, I'm glad you're
up and running and comfortable with your setup.  Take care.
--
Just Me, D


Re: Wifi router behind switch in LAN


Quoted text here. Click to load it

First thing I did when I had the router installed ;-))



Re: Wifi router behind switch in LAN


Peter wrote:

Quoted text here. Click to load it

The other poster has answered your questions.
If you need anymore help you can post back.

Duane :)



Site Timeline