How2 allow a local computer to access Internet, but not other locals - LAN/network/firewall config?
From: Igor (Igor9273@sprynet.com) Date: 04/07/02
From: Igor <Igor9273@sprynet.com> Date: Sun, 07 Apr 2002 16:11:37 -0400
I want to allow someone to hook into my network and access the Internet through my Linksys
router but not access other computers on the LAN.
I have a Linksys router and use ZoneAlarm. I use file and print sharing w/ passwords for
the devices now on my network, but I do not want to rely on that for security when a
visitor plugs into the LAN with a laptop. File and print sharing are _not_ bound to
TCP/IP, but rather to NetBEUI. ZoneAlarm does not list any of the other computers now
plugged into my network, but they can all communicate with each other, share files, and
print -- which, in theory, they should not be able to do based on what I have read (and
tried to understand) at ZA's website. My _guess_ is that because I am using NetBEUI,
ZoneAlarm is not monitoring the communications, but repeated e-mails to ZA have only
resulted in canned replies that have no applicability. If this is so, I suppose I could
unbind everything from NetBEUI and bind them to TCP/IP, but I have it set the way it is now
because the established security guru at grc.com, Steve Gibson, has recommended it. As
for Linksys, they tell me how I can allow LAN access and block Internet access rather than
what I want to do, which is allow Internet access and block LAN access.
Additional info about my system:
All connections run through the router
Also use 1 switch and 1 hub
Each device has only 1 10/100 NIC
CAT5/5e used throughout
Printers accessed through networked PCs (i.e., printers do not have their own NICs)
All MS Windows environment
Will soon be adding small Unix-based server
P2P network; Windows "logon" (i.e., not Client for MS Networks)
Linksys router BEFSR41
ZoneAlarm (latest basic version, not Pro)
Norton Internet Security 2001 (some features)
So, I would like to identify 1 or 2 IP addresses in my LAN and say they can access the
Internet but not other computers/printers on the LAN. I would like to avoid having to
reconfigure the system from P2P to a server-authentication system. I would be willing to
buy some software or another moderately-priced piece of hardware if that will do the
trick. Also, I will be adding a small server soon (no real transactions, just browsing
and some db recording) and am very concerned about security of files not on the server --
e.g., if someone hacked the UNIX/Apache server they could then use it to hack other PCs on
the LAN. (As may be apparent from the above, I am only a novice on security.) So, maybe
now is the time to get a firewall box, if necessary. In any event, any proposed
solutions are welcome. Thanks. -- Igor