Re: Dual router or just a switch

From: Leythos (void_at_nowhere.org)
Date: 10/13/04 

Date: Wed, 13 Oct 2004 16:18:00 GMT

In article <a80e19c9.0410130817.30172049@posting.google.com>,
m.l.carpenter@att.net says...
> The local library has approached me regarding public access to the
> internet for patrons using their personal laptops. They are currently
> using a dsl connected to a dsl router with firewall, then connected to
> their switch. In order to provide this acces and keep the public
> users separated from the library's internal network, would it be best
> to use a switch connected between the modem and router, which would
> put the switch outside the firewall. Or should another router be
> installed and if so, how should it be installed and configured? We are
> working with a very limited budget and are not concerned with
> outsiders having access to the library patrons pcs, as we feel
> protecting their personal pcs is their responsibility.

there are two ways to do this:

1) Setup a WAP on a second public IP without providing access to the
internal network.

2) Since they have a firewall, if it's a real firewall, it should have a
DMZ port, connect the WAP to the DMZ port and setup rules according to
what you want them to have access too.

If the DSL Router is just a NAT box and not a firewall, you could
install NAT routers - one is the master (first) link and chains to the
WAN port of the second router - the second one is the one that the
Library uses for itself, the first one is the one that the WAP and
public accessible computer connect to. This would isolate the local
network from what the public has access to.

You still want the users to have to enter a KEY to access the WAP, or
you may have unauthorized users hitting it. 

-- 
-- 
spamfree999@rrohio.com
(Remove 999 to reply to me)

Relevant Pages

  • Re: 3 LAN, 2 WAN - 2 LAN use 1 WAN, last LAN uses other WAN
    ... Internet over different paths after that. ... With a single LAN Router for all the segments, ... Then each "business" uses the Firewall they are supposed to use for the ...
    (microsoft.public.windows.server.networking)
  • Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet
    ... >It will be a while I get the router and do that. ... >> labelling on the box to be sure it has firewall features. ... name, like Disconnect from Internet, and click Finish. ... generally talking only about "critical patches" that affect security. ...
    (comp.security.firewalls)
  • Re: Networking problems with router between 2 p.c.s
    ... >> router for internet access. ... >> disable the internet connection firewall in the LAN ... isn't suitable for use on a local area network. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Is this a wise configuration?
    ... A have a single DSL connection to the internet at my house. ... connection goes through a router, ... With this many "test" servers running, however, there are many ... Generally referred to as "DMZ" when you search for firewall info ...
    (comp.os.linux.networking)
  • Re: MAJOR Hacking
    ... > efforts with router, personal firewalls, etc. Brand new computer ... > (AIM, internet expplorer, svchost.exe etc) accessing the internet ... > server whose IP seems to be masked to my firewall logs. ... Kerio Personal Firewall ...
    (microsoft.public.security)