Re: Public/Private network split.

From: Thomas Hertel (Thomas.Hertel_at_gmx.net)
Date: 01/29/04


Date: Thu, 29 Jan 2004 08:55:20 +0100

J. M. L. wrote:

>I have a question concerning trying to set up a public/private
>network... I have a retail establishment with DSL service. I
>currently use a DSL router to share that connection amongst my various
>staff computers. I want to add a wireless access point to the network
>so that my customers can use my DSL connection to get to the net...
>however... I don't want them to be able to see/touch/talk to any of
>the computers on the private part of my network.
>
>I'm looking for the simplest way to implement a separation of this
>network -- minimal software set up -- just a dedicated black box that
>I can stick between the networks. Here's what I thought would work.
>
>Plug in a new wireless broadband router's uplink port to one of the
>network ports on my private network. Lock down this router so ONLY
>TCP/IP traffic goes through, and lock down which ports are open.
>Theoretically, this would create a private network inside my private
>network... No one connected to my wireless router would be able to
>sniff packets on the private part of my network, because Ethernet
>packets won't be routed past the wireless broadband router, and no one
>on this wireless network would be able to do anything that I didn't
>want them to do -- I could close up specific ports by configuring the
>wireless router.

There is a misconception here. You cannot block Ethernet and let
TCP/IP through, just because IP is carried in Ethernet frames within
your network. So you need Ethernet which makes up the physical
connection for IP.

The solution Leythos suggested sounds very reasonable to me. Of course
this assumes that the wireless router itself has no leaks and security
flaws, but I think you can trust them. Also you will have to make sure
that none of your clients has physical access to the connection
between the Wireless router and the incoming DSL line.

Thomas

-- 
If it's good, they'll stop making it.
Mail address for non-spam: _My_initials_at_arcendo_dot_com

