Re: sharing broadband with guests
From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 10/31/05
- Next message: Steven L Umbach: "Re: sharing broadband with guests"
- Previous message: Dave Cleveland: "sharing broadband with guests"
- In reply to: Dave Cleveland: "sharing broadband with guests"
- Next in thread: Steven L Umbach: "Re: sharing broadband with guests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Oct 2005 23:10:25 -0800
On Sun, 30 Oct 2005 21:30:58 -0700, Dave Cleveland wrote:
> I want to share a DSL connection with guests via WiFi in a small mountain
> inn. The DSL modem is also a wireless router which protects my whole
> network from the outside world. My question is how do I protect the two
> business PC's from the guests? Is it enough to run the XP firewall and use
> strong passwords, or do I need an additional hardware firewall between me
> and the guests? This lodge is in a remote mountain area so I'm not planning
> to use any wireless encryption methods because it will be a hassle to make
> sure all guests know how to use it. Is it a bad idea to leave the wireless
> network wide open in my situation?
To the last question; "Yes!"
What you need is a second NAT router. Connect one wired LAN port of the
modem/w-router to the WAN port of the new router. Set either router LAN IP
address to a different block. If you leave the W-LAN at 192.168.x.x, your
guests can figure out how to associate to the LAN. Change your second
router to use something like 172.24.42.1 with a subnet mask of
255.255.255.0. That will give you a range of usable IP addresses from
172.24.42.1 to 172.24.42.254. You will still be able to reach the Internet
from behind that second router; but your guests won't be able to reach your
LAN behind that second router. (That range of reserved IP addresses only
runs from 172.16.0.0 to 172.31.255.255; keep it within those limits.)
Frankly, though, I would be inclined to set up two new routers; one
wireless, the other wired only. Use the modem/router to wire a connection
to the WAN port of each of the second routers. Don't allow wireless access
on the modem/router LAN. In fact, use a subnet mask that would restrict the
number of devices on this "outer" LAN. Something like, 192.168.0.1, with a
subnet mask of 255.255.255.252; that should restrict your addresses to just
192.168.0.1 on the wired only router WAN port, and 192.168.0.2 on the
wireless router WAN port.
Keep the 172.24.42.0/24 LAN wired only. Set up the second wireless router
on 192.168.x.1, where 'x' is not the same on the new wireless router as it
is on the modem/router. Completely disable wireless on the modem/router.
Zip, nada, zilch. Don't allow any wireless connection to that device at
all. This will both create two completely isolated LANs, and it will also
mitigate the chance of W-LAN guests sniffing the wired LAN packets.
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint
- Next message: Steven L Umbach: "Re: sharing broadband with guests"
- Previous message: Dave Cleveland: "sharing broadband with guests"
- In reply to: Dave Cleveland: "sharing broadband with guests"
- Next in thread: Steven L Umbach: "Re: sharing broadband with guests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
