assistance /w firewall
Halki
01-11-2005, 07:59 PM
folks, this friend of mine has a little problem about his home network - he wants to provide internet for his BNC home network as well as for his friends in the wireless network. Prob is, that he doesn't want his friends to browse the harddisks of the comps in the private network, cept the server. So it would be nice to block the access with some sort of a firewall, but i'm not sure which one can set access rights machine after machine, to this day i only saw internet/trusted zone separation. Any ideas?
Breit
02-27-2005, 08:56 AM
if i get that right, then he has an access point w/ built-in router functionality and that ap/router establishes the connection to the isp?!
if he only wants, that the wireless hosts have internet access (so as the hosts on the wired network) but not access to the wired hosts, then i would prefer different subnets on those 2 groups.
for instance:
wireless subnet (maybe per dhcp from the ap): 192.168.1.x/255.255.255.0
wired subnet: 192.168.0.x/255.255.255.0
as long as the ap does not route between those 2 subnets, then he will be fine.
btw: this requires, that the access point does not allow a manually configured ip-address on the wireless network from the address-range 192.168.0.x/255.255.255.0!
if that is not possible, then he should install a router-software on that xp-host and get rid of that network bridge. then he should configure the adapter connected to the ap with an address from the wireless network and the adapter connected to the wired network with an address from that range.
the router software on the xp-host now has to be configured to route between those two subnets. (i would prefer that method! :))
this means, that the xp-host is now the gateway for the wired network and routes traffic to the ap, which is the gateway for the entire network and so routes the traffic to the gateway from the isp.
a zone-configuration on a software-firewall on the xp-host does not help here, 'cause the xp-host is configured with a network bridge, which means, that it has only one (logical) network adapter and so this can be placed in only one zone...
if he installs some kind of routing software on the xp-host and removes the network-bridge, then the firewall-trick will help, but then, of course, he doesn't need it with a proper configuration of the routing software.
hope this helps... ;)
cheers
breit
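An added example, not part of the original post: a small audit for the two conditions the reply above depends on, namely that no wireless client uses an address from the wired range and that the network bridge no longer passes frames between the segments. The segment labels, the input line format and the sample hosts are assumptions constructed for this example; only the two subnets come from the post.

```python
import ipaddress
from collections import defaultdict

# Subnets from the post; the segment labels are assumptions of this example.
SEGMENTS = {
    "wireless": ipaddress.ip_network("192.168.1.0/24"),
    "wired": ipaddress.ip_network("192.168.0.0/24"),
}

# Constructed sample: "segment source-IP source-MAC", one line per host
# observed on each adapter of the routing host (e.g. from a capture).
SAMPLE = """\
wireless 192.168.1.1  00:11:22:33:44:01
wireless 192.168.1.23 00:11:22:33:44:02
wireless 192.168.0.77 00:11:22:33:44:03
wired    192.168.0.10 00:11:22:33:44:04
wired    192.168.0.11 00:11:22:33:44:05
wireless 192.168.0.11 00:11:22:33:44:05
"""


def audit(observations, segments=SEGMENTS):
    """Return (foreign, bridged): hosts using an address outside their
    segment's subnet, and MACs visible on more than one segment."""
    foreign, seen_on = [], defaultdict(set)
    for line in observations.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in segments:
            continue  # skip blank or malformed lines
        segment, mac = parts[0], parts[2].lower()
        ip = ipaddress.ip_address(parts[1])
        seen_on[mac].add(segment)
        if ip not in segments[segment]:
            # e.g. a wireless client hand-configured with a wired-range address
            foreign.append((segment, str(ip), mac))
    # A MAC on both sides means layer-2 frames still cross, as with the bridge.
    bridged = sorted(mac for mac, segs in seen_on.items() if len(segs) > 1)
    return foreign, bridged


if __name__ == "__main__":
    foreign, bridged = audit(SAMPLE)
    for segment, ip, mac in foreign:
        print(f"{segment}: {ip} ({mac}) is outside this segment's subnet")
    for mac in bridged:
        print(f"{mac} is visible on both segments (bridge still active?)")
```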
Halki
02-27-2005, 06:09 PM
cheers! :D
thanx a lot m8, almost stopped hopin' :)