I have a desktop PC (with XP Home) that doesn't yet have broadband access. I also have someone in the house who I would like to share the broadband access with, but not anything else (files, etc). Is it possible to have one broadband line coming in, then have the desktop and the laptop able to access the internet at any time (inc. at the same time) without having the laptop access any of my data, or indeed me being able to see what is on his laptop?
I've had a look on the web for solutions and have been considering buying a wireless router and 2 wireless network cards for the PC and laptop, but then it seems I have to put the 2 in a network for them to be able to share the broadband internet access through the router - and this is the bit that worries me.
Oh, a side question - does the router stay connected to the internet permanently? What happens if the line drops for whatever reason?
Get any wireless router. The wireless is on the outside of the router's firewall. It gets internet but can't log on to the network. Only if you change the settings to "AP" do the files on the network become available to the wireless side.
This is the classic "coffee shop" problem. You build a coffee shop hot spot for customers to share a single DSL or cable modem. Only one IP address is delivered by the ISP. How do you keep the customers from seeing the coffee shop office computers? The same problem includes users that want to share their connection with the neighbors, but not expose their computers to anyone outside the LAN.
This has been discussed before with various solutions. The easiest is to obtain a 2nd IP address from the ISP. You would use two routers, one for each "group" of users. Neither LAN would see each other, even if they had identical IP address blocks. I have 5ea IP addresses from SBC and use this method to connect 4ea separate companies on a single DSL modem.
If you're stuck with a single IP address, you set up the wireless and internal LAN with different Class C IP blocks. For example, the wireless router DHCP delivers IPs in 192.168.1.xxx and the internal LAN runs on 192.168.2.xxx. You don't really need a 2nd router to connect these two separate LANs as you could set up a static route to the wireless router at 192.168.1.1 from 192.168.2.xxx on every client machine and point the default route to 192.168.1.1. However, this creative routeing has proven to be a rather painful exercise in maintenance, so I add a 2nd router to connect 192.168.1.xxx with 192.168.2.xxx. The static route method isn't terribly secure as a clueful wireless user could easily break into the internal LAN.
Another method is two routers in series playing double NAT. The default route for the 2nd router would point to the first router. Therefore (methinks), the 2nd LAN would not see any machines on the first LAN.
The "right" way is to get a router with multiple LAN side ports. I do this using FreeSCO:
built around old PCs. To the best of my knowledge, there are no cheapo wireless routers that offer multiple independent LAN side ports. So, you build your own. It's not that bad and makes sense in some situations.
That depends on the router. If you have to deal with a login/password abomination commonly found in PPPoE connections, there's usually a box labelled something like "keep alive" or "auto-reconnect". Some have a timeout setting which is supposed to disconnect you after xxx number of minutes. Setting it to zero disables the timer. Most of the current models have some method of staying on or logging back in. These are generally unnecessary as most Windoze clients are so "noisy" that any packet that needs to access the interknot will bring up the connection. Not a problem.
Yes, if you get a wireless router, all computers on the wireless network would be on the same network, thus file sharing would be possible...
However, there are ways to make sure that files are not shared between computers on the same LAN.
1) Don't put the computers in the same workgroup. Make sure your desktop computer has a different workgroup name than your friend's laptop.
2) Disable File and Print sharing.
3) Use passwords on all accounts (including your own and especially the administrator account)
4) Disable NetBIOS broadcasts. There's a registry setting to change the node type from the default "hybrid" (which uses broadcast) to "peer-to-peer" (which doesn't use broadcasts). This prevents your computer from notifying other computers on your LAN about its existence, thus it will not show up in Network Neighborhood.
5) You can use a desktop firewall program to block any access to anything on your computer from your own LAN.
You don't have to do all of these, but you should at least consider the top 3 items. #4 would only hide what isn't there anymore (if you did #2). The personal firewall option is if you really don't trust the other guy. Even if you've disabled file sharing and hidden your computer, there's always the possibility that your friend may still try (either deliberately or accidentally (read: worm infection)) something, and the firewall will block any attempts to connect on ports that aren't closed when disabling file sharing.
Lars M. Hansen
Remove "bad" from my e-mail address to contact me. "If you try to fail, and succeed, which have you done?"
True. However if you configure both for tcp/ip, then you can ping each machine even if file and print sharing is enabled. If I can ping, I can play other tricks. However, if you turn on the Windoze XP firewall, and do NOT exclude anything, you can be quite invisible and still surf the web. If you don't have XP, try ZoneAlarm, Kerio, Norton Firewall, or similar personal firewall.
Have you tried it? I have, with a coffee shop network. To go anywhere, the 2nd LAN has all its packets routed through the 2nd router to the first router via the default route (which points to the first router's IP address). If I try to ping something from the 2nd LAN to one of the computahs on the first LAN, the packets will try to get there via the default route and never hit the other computahs.
Similarly, going from the 1st LAN to the 2nd isn't possible because the only IP address that's visible from the 1st LAN is the "WAN" side IP address of the 2nd router. There's no route to the individual computahs on the 2nd LAN.
However, I'll admit that I didn't do a very exhaustive test while the coffee shop owner was pelting me with questions. Therefore, I'm not 100.0% sure that I'm right. I have enough junk here at my house to set it up again and try it (if I feel inspired and after I finish some billing).
That depends on the netmask on the WAN side of the 2nd router. With 255.255.255.0 on the 2nd router, one would see all the computahs on the 1st LAN from the 2nd LAN. However, if I use a much smaller netmask, and ensure that only the 1st router's IP address is inside the netmask range, the other computahs in the 1st LAN will be invisible.
Digging out the subnet calculator.... If the IP address of the 1st router's LAN side is 192.168.1.1, then for 6ea IP addresses (including broadcast), I would use an IP address of 192.168.1.2 for the "WAN" side of the 2nd router. As long as the IP address of the workstations in the 1st LAN are *NOT* 192.168.1.3 -> 192.168.1.5, they would be invisible from the 2nd LAN.
Note: I still prefer a single box acting as a multiport router using FreeSCO.
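The netmask reasoning in the post above, as an added example that is not part of the original thread: it computes which 1st-LAN machines the 2nd router's "WAN" port treats as directly attached for a given netmask, and the tightest mask that still contains the 1st router. The router addresses are the ones quoted in the post; the workstation addresses and function names are constructed for illustration.

```python
import ipaddress

def wan_network(wan_ip, netmask):
    """Network the 2nd router's "WAN" port believes it is attached to."""
    return ipaddress.ip_interface(f"{wan_ip}/{netmask}").network

def exposed_hosts(wan_ip, netmask, gateway, lan1_hosts):
    """1st-LAN machines that fall inside the WAN netmask (gateway excluded)."""
    net = wan_network(wan_ip, netmask)
    gw = ipaddress.ip_address(gateway)
    return [h for h in lan1_hosts
            if ipaddress.ip_address(h) in net and ipaddress.ip_address(h) != gw]

def tightest_netmask(wan_ip, gateway):
    """Longest mask that keeps the gateway on-link as a usable host address."""
    wan, gw = ipaddress.ip_address(wan_ip), ipaddress.ip_address(gateway)
    for prefix in range(30, -1, -1):
        net = wan_network(wan_ip, prefix)
        reserved = (net.network_address, net.broadcast_address)
        if gw in net and gw not in reserved and wan not in reserved:
            return str(net.netmask)
    raise ValueError("no netmask puts both addresses on one subnet")

# Addresses from the post; the workstation list is constructed sample data.
GATEWAY = "192.168.1.1"      # 1st router, LAN side
WAN_IP = "192.168.1.2"       # 2nd router, "WAN" side
LAN1_HOSTS = ["192.168.1.4", "192.168.1.50", "192.168.1.100"]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.248",
                 tightest_netmask(WAN_IP, GATEWAY)):
        net = wan_network(WAN_IP, mask)
        print(f"{mask:<16} on-link {net.network_address}-{net.broadcast_address}"
              f"  exposed: {exposed_hosts(WAN_IP, mask, GATEWAY, LAN1_HOSTS)}")
```

Addresses outside the mask are not dropped: the 2nd router hands that traffic to its default gateway, so confirm the result by testing from the 2nd LAN.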
If neither machine enables file and print sharing, and didn't configure any network settings, they wouldn't see each other. They would both connect to the Internet through the router but wouldn't be able to see each other's files etc.
I don't think that setting up with 2 routers in tandem would accomplish much. Computers connected to the 1st router could see each other if they enabled file and print sharing and shared some files. Similarly for computers connected to the 2nd router. But those connected to the 1st router would ordinarily be blocked from those on the 2nd (built in NAT does that), but those on the 2nd could see those on the 1st if networked and file and print sharing enabled.