A Subnetting/Wireless Access Problem

05/03/2006, 06h59

Someone asked a question previously on a newsgroup which roughly went like
this.

I have a Cafe and I want to provide broadband access for my customers via my
wireless ADSL router. I also have a normal ethernet router through which I
run 3 computers.

I want to stop people accessing my network but still be able to use the
Internet via my wireless access point. Also, I need my 3 computers to be
able to access the Internet.

The solution by general consenus was to use a non-routable protocol on the
wired router, and connect the wired router to the wireless ADSL router
thereby automatically creating two subnets.

I'm a newbie to networking, but it through up a question that's been bugging
me for days. How do his 3 computers access the Internet if they are using a
non-routable protocol?

Laurence

05/03/2006, 11h47

I am also a newbie to networking, but i would guess the 3 hardwired
computers would have to have a non routable protocol, such as NetBEUI
to connect to each other, but to access the internet they will also
have to TCP/IP installed, this is a routable protocol. File and printer
sharing will be turned on in NetBEUI, but off on TCP/IP

As I said, im also a newbie so i am possibly wrong?

05/03/2006, 21h19

Well, you can't use a non-routable protocol on the router or it wouldn't be
able to route it.

Internet
| Your LAN
DSL Router - Wired Router <
| (wired) WAP (Private)
Cafe Router
|
WAP (Public)

This setup will allow you complete separation between your private network
and the cafe Wireless. You can't have it both ways - cafe customers can
either access the network attached to the WAP or they can't - if you and
they can both connect, you are connected to each other. SOHO routers will
isolate because of the NAT (Network Address Translation) not provide
"outside-in" connections to be made. You'll need to secure your private WAP
so that cafe clients cannot connect. I'd actually suggest not having a WAP
on the private LAN, but plug your laptop in for local LAN access, and use
the cafe wireless just for Internet (being sure you have client for
microsoft networks and file and print sharing diabled on the wireless).

....kurt

"Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message
news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> Someone asked a question previously on a newsgroup which roughly went like
> this.
>
> I have a Cafe and I want to provide broadband access for my customers via
> my wireless ADSL router. I also have a normal ethernet router through
> which I run 3 computers.
>
> I want to stop people accessing my network but still be able to use the
> Internet via my wireless access point. Also, I need my 3 computers to be
> able to access the Internet.
>
> The solution by general consenus was to use a non-routable protocol on the
> wired router, and connect the wired router to the wireless ADSL router
> thereby automatically creating two subnets.
>
> I'm a newbie to networking, but it through up a question that's been
> bugging me for days. How do his 3 computers access the Internet if they
> are using a non-routable protocol?
>
> Laurence
>
>

07/03/2006, 23h24

Yes, as I said I am a newbie. And I've seen various solutions to this
problem. Kurt, your solution seems to make more sense. As you said you can't
have everything.

But, when I saw people suggesting a non-routable protocol to access the
internet, I thought, what!

Laurence

"Kurt" <lorentzenkurt@nospam.hotmail.com> wrote in message
news:120mlfihk1kp76e@corp.supernews.com...
>
> Well, you can't use a non-routable protocol on the router or it wouldn't
> be able to route it.
>
> Internet
> | Your LAN
> DSL Router - Wired Router <
> | (wired) WAP (Private)
> Cafe Router
> |
> WAP (Public)
>
> This setup will allow you complete separation between your private network
> and the cafe Wireless. You can't have it both ways - cafe customers can
> either access the network attached to the WAP or they can't - if you and
> they can both connect, you are connected to each other. SOHO routers will
> isolate because of the NAT (Network Address Translation) not provide
> "outside-in" connections to be made. You'll need to secure your private
> WAP so that cafe clients cannot connect. I'd actually suggest not having a
> WAP on the private LAN, but plug your laptop in for local LAN access, and
> use the cafe wireless just for Internet (being sure you have client for
> microsoft networks and file and print sharing diabled on the wireless).
>
> ...kurt
>
>
> "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message
> news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>> Someone asked a question previously on a newsgroup which roughly went
>> like this.
>>
>> I have a Cafe and I want to provide broadband access for my customers via
>> my wireless ADSL router. I also have a normal ethernet router through
>> which I run 3 computers.
>>
>> I want to stop people accessing my network but still be able to use the
>> Internet via my wireless access point. Also, I need my 3 computers to be
>> able to access the Internet.
>>
>> The solution by general consenus was to use a non-routable protocol on
>> the wired router, and connect the wired router to the wireless ADSL
>> router thereby automatically creating two subnets.
>>
>> I'm a newbie to networking, but it through up a question that's been
>> bugging me for days. How do his 3 computers access the Internet if they
>> are using a non-routable protocol?
>>
>> Laurence
>>
>>
>
>

10/03/2006, 03h45

I'd invert the wiring of the router heirarchy. Consider this:

Internet --> DSL/Wireless ---> Wired Router

Where your most secure PCs are on the "Wired Router" subnet. They will use
routeable protocols to access the Internet, working upstream thru the router
hosting the DSL/Wireless subnet. That way your most secure PCs can see the
Internet and the DSL/Wireless subnet, but the PCs on the DSL/Wireless subnet
can't see anything on the Wired subnet.

Furthermore, on the innermost "Wired Router" subnet, if your PCs are using
any nonrouteable protocols for LOCAL communication (printer sharing, file
sharing, etc.), you are doubly protected because those protocols can't get
out at all... not even to the DSL/Wireless subnet.

Don't get too hung up on the "nonrouteable protocol" issue... it's just an
interesting sidelight that it has double-isolation from the other segments.
Assuming the "DLS/Wireless" Router and the "Wired" Router router are both
using NAT in the usual and customary way, that inner subnet is pretty well
protected for routeable protocols too. Make sure "Universal Plug and Play"
is disabled, and if you do any Port Forwarding, just take appropriate care.

I hope this s.

Bob Bosen
www.AskMisterWizard.com
Tutorial videos for people with work to do

"Kurt" <lorentzenkurt@nospam.hotmail.com> wrote in message
news:120mlfihk1kp76e@corp.supernews.com...
>
> Well, you can't use a non-routable protocol on the router or it wouldn't
> be able to route it.
>
> Internet
> | Your LAN
> DSL Router - Wired Router <
> | (wired) WAP (Private)
> Cafe Router
> |
> WAP (Public)
>
> This setup will allow you complete separation between your private network
> and the cafe Wireless. You can't have it both ways - cafe customers can
> either access the network attached to the WAP or they can't - if you and
> they can both connect, you are connected to each other. SOHO routers will
> isolate because of the NAT (Network Address Translation) not provide
> "outside-in" connections to be made. You'll need to secure your private
> WAP so that cafe clients cannot connect. I'd actually suggest not having a
> WAP on the private LAN, but plug your laptop in for local LAN access, and
> use the cafe wireless just for Internet (being sure you have client for
> microsoft networks and file and print sharing diabled on the wireless).
>
> ...kurt
>
>
> "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message
> news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>> Someone asked a question previously on a newsgroup which roughly went
>> like this.
>>
>> I have a Cafe and I want to provide broadband access for my customers via
>> my wireless ADSL router. I also have a normal ethernet router through
>> which I run 3 computers.
>>
>> I want to stop people accessing my network but still be able to use the
>> Internet via my wireless access point. Also, I need my 3 computers to be
>> able to access the Internet.
>>
>> The solution by general consenus was to use a non-routable protocol on
>> the wired router, and connect the wired router to the wireless ADSL
>> router thereby automatically creating two subnets.
>>
>> I'm a newbie to networking, but it through up a question that's been
>> bugging me for days. How do his 3 computers access the Internet if they
>> are using a non-routable protocol?
>>
>> Laurence
>>
>>
>
>
>

05/03/2006, 06h59	#1
Laurence Baker Messages: n/a Hébergeur:	A Subnetting/Wireless Access Problem Someone asked a question previously on a newsgroup which roughly went like this. I have a Cafe and I want to provide broadband access for my customers via my wireless ADSL router. I also have a normal ethernet router through which I run 3 computers. I want to stop people accessing my network but still be able to use the Internet via my wireless access point. Also, I need my 3 computers to be able to access the Internet. The solution by general consenus was to use a non-routable protocol on the wired router, and connect the wired router to the wireless ADSL router thereby automatically creating two subnets. I'm a newbie to networking, but it through up a question that's been bugging me for days. How do his 3 computers access the Internet if they are using a non-routable protocol? Laurence

05/03/2006, 11h47	#2
nt Messages: n/a Hébergeur:	Re: A Subnetting/Wireless Access Problem I am also a newbie to networking, but i would guess the 3 hardwired computers would have to have a non routable protocol, such as NetBEUI to connect to each other, but to access the internet they will also have to TCP/IP installed, this is a routable protocol. File and printer sharing will be turned on in NetBEUI, but off on TCP/IP As I said, im also a newbie so i am possibly wrong?

05/03/2006, 21h19	#3
Kurt Messages: n/a Hébergeur:	Re: A Subnetting/Wireless Access Problem Well, you can't use a non-routable protocol on the router or it wouldn't be able to route it. Internet \| Your LAN DSL Router - Wired Router < \| (wired) WAP (Private) Cafe Router \| WAP (Public) This setup will allow you complete separation between your private network and the cafe Wireless. You can't have it both ways - cafe customers can either access the network attached to the WAP or they can't - if you and they can both connect, you are connected to each other. SOHO routers will isolate because of the NAT (Network Address Translation) not provide "outside-in" connections to be made. You'll need to secure your private WAP so that cafe clients cannot connect. I'd actually suggest not having a WAP on the private LAN, but plug your laptop in for local LAN access, and use the cafe wireless just for Internet (being sure you have client for microsoft networks and file and print sharing diabled on the wireless). ....kurt "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com... > Someone asked a question previously on a newsgroup which roughly went like > this. > > I have a Cafe and I want to provide broadband access for my customers via > my wireless ADSL router. I also have a normal ethernet router through > which I run 3 computers. > > I want to stop people accessing my network but still be able to use the > Internet via my wireless access point. Also, I need my 3 computers to be > able to access the Internet. > > The solution by general consenus was to use a non-routable protocol on the > wired router, and connect the wired router to the wireless ADSL router > thereby automatically creating two subnets. > > I'm a newbie to networking, but it through up a question that's been > bugging me for days. How do his 3 computers access the Internet if they > are using a non-routable protocol? > > Laurence > >

07/03/2006, 23h24	#4
Laurence Baker Messages: n/a Hébergeur:	Re: A Subnetting/Wireless Access Problem Yes, as I said I am a newbie. And I've seen various solutions to this problem. Kurt, your solution seems to make more sense. As you said you can't have everything. But, when I saw people suggesting a non-routable protocol to access the internet, I thought, what! Laurence "Kurt" <lorentzenkurt@nospam.hotmail.com> wrote in message news:120mlfihk1kp76e@corp.supernews.com... > > Well, you can't use a non-routable protocol on the router or it wouldn't > be able to route it. > > Internet > \| Your LAN > DSL Router - Wired Router < > \| (wired) WAP (Private) > Cafe Router > \| > WAP (Public) > > This setup will allow you complete separation between your private network > and the cafe Wireless. You can't have it both ways - cafe customers can > either access the network attached to the WAP or they can't - if you and > they can both connect, you are connected to each other. SOHO routers will > isolate because of the NAT (Network Address Translation) not provide > "outside-in" connections to be made. You'll need to secure your private > WAP so that cafe clients cannot connect. I'd actually suggest not having a > WAP on the private LAN, but plug your laptop in for local LAN access, and > use the cafe wireless just for Internet (being sure you have client for > microsoft networks and file and print sharing diabled on the wireless). > > ...kurt > > > "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message > news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com... >> Someone asked a question previously on a newsgroup which roughly went >> like this. >> >> I have a Cafe and I want to provide broadband access for my customers via >> my wireless ADSL router. I also have a normal ethernet router through >> which I run 3 computers. >> >> I want to stop people accessing my network but still be able to use the >> Internet via my wireless access point. Also, I need my 3 computers to be >> able to access the Internet. >> >> The solution by general consenus was to use a non-routable protocol on >> the wired router, and connect the wired router to the wireless ADSL >> router thereby automatically creating two subnets. >> >> I'm a newbie to networking, but it through up a question that's been >> bugging me for days. How do his 3 computers access the Internet if they >> are using a non-routable protocol? >> >> Laurence >> >> > >

10/03/2006, 03h45	#5
Bob Bosen Messages: n/a Hébergeur:	Re: A Subnetting/Wireless Access Problem I'd invert the wiring of the router heirarchy. Consider this: Internet --> DSL/Wireless ---> Wired Router Where your most secure PCs are on the "Wired Router" subnet. They will use routeable protocols to access the Internet, working upstream thru the router hosting the DSL/Wireless subnet. That way your most secure PCs can see the Internet and the DSL/Wireless subnet, but the PCs on the DSL/Wireless subnet can't see anything on the Wired subnet. Furthermore, on the innermost "Wired Router" subnet, if your PCs are using any nonrouteable protocols for LOCAL communication (printer sharing, file sharing, etc.), you are doubly protected because those protocols can't get out at all... not even to the DSL/Wireless subnet. Don't get too hung up on the "nonrouteable protocol" issue... it's just an interesting sidelight that it has double-isolation from the other segments. Assuming the "DLS/Wireless" Router and the "Wired" Router router are both using NAT in the usual and customary way, that inner subnet is pretty well protected for routeable protocols too. Make sure "Universal Plug and Play" is disabled, and if you do any Port Forwarding, just take appropriate care. I hope this s. Bob Bosen www.AskMisterWizard.com Tutorial videos for people with work to do "Kurt" <lorentzenkurt@nospam.hotmail.com> wrote in message news:120mlfihk1kp76e@corp.supernews.com... > > Well, you can't use a non-routable protocol on the router or it wouldn't > be able to route it. > > Internet > \| Your LAN > DSL Router - Wired Router < > \| (wired) WAP (Private) > Cafe Router > \| > WAP (Public) > > This setup will allow you complete separation between your private network > and the cafe Wireless. You can't have it both ways - cafe customers can > either access the network attached to the WAP or they can't - if you and > they can both connect, you are connected to each other. SOHO routers will > isolate because of the NAT (Network Address Translation) not provide > "outside-in" connections to be made. You'll need to secure your private > WAP so that cafe clients cannot connect. I'd actually suggest not having a > WAP on the private LAN, but plug your laptop in for local LAN access, and > use the cafe wireless just for Internet (being sure you have client for > microsoft networks and file and print sharing diabled on the wireless). > > ...kurt > > > "Laurence Baker" <luccombelad-newsgroups@yahoo.co.uk> wrote in message > news:due28j$q9l$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com... >> Someone asked a question previously on a newsgroup which roughly went >> like this. >> >> I have a Cafe and I want to provide broadband access for my customers via >> my wireless ADSL router. I also have a normal ethernet router through >> which I run 3 computers. >> >> I want to stop people accessing my network but still be able to use the >> Internet via my wireless access point. Also, I need my 3 computers to be >> able to access the Internet. >> >> The solution by general consenus was to use a non-routable protocol on >> the wired router, and connect the wired router to the wireless ADSL >> router thereby automatically creating two subnets. >> >> I'm a newbie to networking, but it through up a question that's been >> bugging me for days. How do his 3 computers access the Internet if they >> are using a non-routable protocol? >> >> Laurence >> >> > > >

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email