I'd invert the wiring of the router hierarchy. Consider this:
Internet --> DSL/Wireless ---> Wired Router
Where your most secure PCs are on the "Wired Router" subnet. They will use
routable protocols to access the Internet, working upstream thru the router
hosting the DSL/Wireless subnet. That way your most secure PCs can see the
Internet and the DSL/Wireless subnet, but the PCs on the DSL/Wireless subnet
can't see anything on the Wired subnet.
Furthermore, on the innermost "Wired Router" subnet, if your PCs are using
any nonroutable protocols for LOCAL communication (printer sharing, file
sharing, etc.), you are doubly protected because those protocols can't get
out at all... not even to the DSL/Wireless subnet.
Don't get too hung up on the "nonroutable protocol" issue... it's just an
interesting sidelight that it has double-isolation from the other segments.
Assuming the "DSL/Wireless" Router and the "Wired" Router are both
using NAT in the usual and customary way, that inner subnet is pretty well
protected for routable protocols too. Make sure "Universal Plug and Play"
is disabled, and if you do any Port Forwarding, just take appropriate care.
I hope this s.
Bob Bosen
www.AskMisterWizard.com
Tutorial videos for people with work to do
"Kurt" <lorentzenkurt@nospam.hotmail.com> wrote in message
news:120mlfihk1kp76e@corp.supernews.com...
>
> Well, you can't use a non-routable protocol on the router or it wouldn't
> be able to route it.
>
> Internet
> | Your LAN
> DSL Router - Wired Router <
> | (wired) WAP (Private)
> Cafe Router
> |
> WAP (Public)
>
> This setup will allow you complete separation between your private network
> and the cafe Wireless. You can't have it both ways - cafe customers can
> either access the network attached to the WAP or they can't - if you and
> they can both connect, you are connected to each other. SOHO routers will
> isolate because the NAT (Network Address Translation) does not provide for
> "outside-in" connections to be made. You'll need to secure your private
> WAP so that cafe clients cannot connect. I'd actually suggest not having a
> WAP on the private LAN, but plug your laptop in for local LAN access, and
> use the cafe wireless just for Internet (being sure you have client for
> Microsoft networks and file and print sharing disabled on the wireless).
>
> ...kurt
>
>
> "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message
> news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>> Someone asked a question previously on a newsgroup which roughly went
>> like this.
>>
>> I have a Cafe and I want to provide broadband access for my customers via
>> my wireless ADSL router. I also have a normal ethernet router through
>> which I run 3 computers.
>>
>> I want to stop people accessing my network but still be able to use the
>> Internet via my wireless access point. Also, I need my 3 computers to be
>> able to access the Internet.
>>
>> The solution by general consensus was to use a non-routable protocol on
>> the wired router, and connect the wired router to the wireless ADSL
>> router thereby automatically creating two subnets.
>>
>> I'm a newbie to networking, but it threw up a question that's been
>> bugging me for days. How do his 3 computers access the Internet if they
>> are using a non-routable protocol?
>>
>> Laurence
>>
>>
>
>
>