Sharing internet but not files on Wifi

Discussion in 'Wireless Networking' started by =?Utf-8?B?RGVlamF5?=, Oct 1, 2006.

  1. I have often enjoyed the 'hospitality' of others by surfing the web on their
    wifi networks, and therefore wish to reciprocate so that anyone can surf on
    my network. I do not, however, wish to compromise my security.

    Is it possible to allow open access to the internet through my network while
    restricting access to shared files so that they are only accessible to
    authorised users?

    Thanks
     
    =?Utf-8?B?RGVlamF5?=, Oct 1, 2006
    #1
    1. Advertising

  2. =?Utf-8?B?RGVlamF5?=

    David Hettel Guest

    Yes it is possible, to setup your network this way. Basically you set your
    access point up without security, and set to broadcast the SSID. Then you
    set your computers up to require a user name and a password. Note that
    because any and all have access to your wireless connection that this will
    make it easier to crack the security on your computers. Be sure to disable
    the anyone account, and on windows XP go to My Computer | Tools | Folder
    Options | View | and in the Advance settings box scroll to the bottom and
    uncheck "use simple file sharing (Recommended) for each folder shared with a
    hand under it.

    --
    David Hettel

    Please post any reply as a follow-up message in the news group
    for everyone to see. I'm sorry, but I don't answer questions
    addressed directly to me in E-mail or news groups.

    Microsoft Most Valuable Professional Program
    http://mvp.support.microsoft.com

    DISCLAIMER: This posting is provided "AS IS" with no warranties, and
    confers no rights

    "Deejay" <> wrote in message
    news:...
    >I have often enjoyed the 'hospitality' of others by surfing the web on
    >their
    > wifi networks, and therefore wish to reciprocate so that anyone can surf
    > on
    > my network. I do not, however, wish to compromise my security.
    >
    > Is it possible to allow open access to the internet through my network
    > while
    > restricting access to shared files so that they are only accessible to
    > authorised users?
    >
    > Thanks
     
    David Hettel, Oct 1, 2006
    #2
    1. Advertising

  3. "Deejay" <> wrote in message
    news:...
    >I have often enjoyed the 'hospitality' of others by surfing the web on
    >their
    > wifi networks, and therefore wish to reciprocate so that anyone can surf
    > on
    > my network. I do not, however, wish to compromise my security.
    >
    > Is it possible to allow open access to the internet through my network
    > while
    > restricting access to shared files so that they are only accessible to
    > authorised users?
    >
    > Thanks


    The way I do that is to configure the XP SP2 Windows Firewall so only
    specific IP addresses on my home LAN can access each other. That is
    configured as a custom address scope for File & Print Sharing.

    http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallCustomScope.JPG

    Of course this means using static IP addresses on your LAN. In the case of
    my laptop my router assigns an IP based on its MAC Address, a pseudo static
    IP so to speak. In the example, this is on my desktop PC, the allowed
    addresses are as follows..

    10.8.0.12 wife's desktop
    10.8.0.31 remote OpenVPN client PC #1
    10.8.0.32 remote OpenVPN client PC #2
    10.8.0.101 my laptop

    http://theillustratednetwork.mvps.org/LAN/TheIllustratedNetworkLAN.htm

    With that scheme guests can access my home LAN and the public internet,
    after I give them the appropriate WPA key of course, but not access shared
    files/folders on my desktop PCs.

    By the way I always run my laptop so the XP SP2 Windows Firewall is
    configured for NO exceptions. I basically set-it-and-forget-it. That way I
    am protected while away from home and connected to open wireless hotspots.
    If I need to get a file from a desktop to my laptop I initiate the file
    transfer from my laptop...

    http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallNoExceptions.JPG

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], Oct 1, 2006
    #3
  4. Thanks for the reply. I cannot find 'use simple file sharing' in the View,
    Advanced scroll box. I have XP Home. Is that the reason?

    "David Hettel" wrote:

    > Yes it is possible, to setup your network this way. Basically you set your
    > access point up without security, and set to broadcast the SSID. Then you
    > set your computers up to require a user name and a password. Note that
    > because any and all have access to your wireless connection that this will
    > make it easier to crack the security on your computers. Be sure to disable
    > the anyone account, and on windows XP go to My Computer | Tools | Folder
    > Options | View | and in the Advance settings box scroll to the bottom and
    > uncheck "use simple file sharing (Recommended) for each folder shared with a
    > hand under it.
    >
    > --
    > David Hettel
    >
    > Please post any reply as a follow-up message in the news group
    > for everyone to see. I'm sorry, but I don't answer questions
    > addressed directly to me in E-mail or news groups.
    >
    > Microsoft Most Valuable Professional Program
    > http://mvp.support.microsoft.com
    >
    > DISCLAIMER: This posting is provided "AS IS" with no warranties, and
    > confers no rights
    >
    > "Deejay" <> wrote in message
    > news:...
    > >I have often enjoyed the 'hospitality' of others by surfing the web on
    > >their
    > > wifi networks, and therefore wish to reciprocate so that anyone can surf
    > > on
    > > my network. I do not, however, wish to compromise my security.
    > >
    > > Is it possible to allow open access to the internet through my network
    > > while
    > > restricting access to shared files so that they are only accessible to
    > > authorised users?
    > >
    > > Thanks

    >
    >
    >
     
    =?Utf-8?B?RGVlamF5?=, Oct 1, 2006
    #4
  5. It appears that your solution is to grant individual access even for the web.
    Ideally, I wish web access through my network to be free for all but access
    to shared files only to the computers within my home.

    "Sooner Al [MVP]" wrote:

    > "Deejay" <> wrote in message
    > news:...
    > >I have often enjoyed the 'hospitality' of others by surfing the web on
    > >their
    > > wifi networks, and therefore wish to reciprocate so that anyone can surf
    > > on
    > > my network. I do not, however, wish to compromise my security.
    > >
    > > Is it possible to allow open access to the internet through my network
    > > while
    > > restricting access to shared files so that they are only accessible to
    > > authorised users?
    > >
    > > Thanks

    >
    > The way I do that is to configure the XP SP2 Windows Firewall so only
    > specific IP addresses on my home LAN can access each other. That is
    > configured as a custom address scope for File & Print Sharing.
    >
    > http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallCustomScope.JPG
    >
    > Of course this means using static IP addresses on your LAN. In the case of
    > my laptop my router assigns an IP based on its MAC Address, a pseudo static
    > IP so to speak. In the example, this is on my desktop PC, the allowed
    > addresses are as follows..
    >
    > 10.8.0.12 wife's desktop
    > 10.8.0.31 remote OpenVPN client PC #1
    > 10.8.0.32 remote OpenVPN client PC #2
    > 10.8.0.101 my laptop
    >
    > http://theillustratednetwork.mvps.org/LAN/TheIllustratedNetworkLAN.htm
    >
    > With that scheme guests can access my home LAN and the public internet,
    > after I give them the appropriate WPA key of course, but not access shared
    > files/folders on my desktop PCs.
    >
    > By the way I always run my laptop so the XP SP2 Windows Firewall is
    > configured for NO exceptions. I basically set-it-and-forget-it. That way I
    > am protected while away from home and connected to open wireless hotspots.
    > If I need to get a file from a desktop to my laptop I initiate the file
    > transfer from my laptop...
    >
    > http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallNoExceptions.JPG
    >
    > --
    >
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the
    > mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights...
    >
    >
     
    =?Utf-8?B?RGVlamF5?=, Oct 1, 2006
    #5
  6. =?Utf-8?B?RGVlamF5?=

    David Hettel Guest

    Correct, Windows XP Home does not have the same networking features as XP
    Pro. Another option for added security would be to purchase a second
    wireless router, that would have security setup on it, for your network.
    Router 1 would be directly connected to your hi-speed connection and would
    provide free access to the Internet, it can be inexpensive, set it up to put
    router 2 in the DMZ. Router 2 should have a firewall, and it's firewall will
    protect you from the public on the internet, as well as anyone logged into
    your free access point.

    Cable/DSL Modem
    |
    Wireless router 1 open no security IP range 192.168.2.1
    |
    Wireless router 2 Secure IP range 192.168.2.1

    --
    David Hettel

    Please post any reply as a follow-up message in the news group
    for everyone to see. I'm sorry, but I don't answer questions
    addressed directly to me in E-mail or news groups.

    Microsoft Most Valuable Professional Program
    http://mvp.support.microsoft.com

    DISCLAIMER: This posting is provided "AS IS" with no warranties, and
    confers no rights

    "Deejay" <> wrote in message
    news:...
    > Thanks for the reply. I cannot find 'use simple file sharing' in the View,
    > Advanced scroll box. I have XP Home. Is that the reason?
    >
    > "David Hettel" wrote:
    >
    >> Yes it is possible, to setup your network this way. Basically you set
    >> your
    >> access point up without security, and set to broadcast the SSID. Then you
    >> set your computers up to require a user name and a password. Note that
    >> because any and all have access to your wireless connection that this
    >> will
    >> make it easier to crack the security on your computers. Be sure to
    >> disable
    >> the anyone account, and on windows XP go to My Computer | Tools | Folder
    >> Options | View | and in the Advance settings box scroll to the bottom and
    >> uncheck "use simple file sharing (Recommended) for each folder shared
    >> with a
    >> hand under it.
    >>
    >> --
    >> David Hettel
    >>
    >> Please post any reply as a follow-up message in the news group
    >> for everyone to see. I'm sorry, but I don't answer questions
    >> addressed directly to me in E-mail or news groups.
    >>
    >> Microsoft Most Valuable Professional Program
    >> http://mvp.support.microsoft.com
    >>
    >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
    >> confers no rights
    >>
    >> "Deejay" <> wrote in message
    >> news:...
    >> >I have often enjoyed the 'hospitality' of others by surfing the web on
    >> >their
    >> > wifi networks, and therefore wish to reciprocate so that anyone can
    >> > surf
    >> > on
    >> > my network. I do not, however, wish to compromise my security.
    >> >
    >> > Is it possible to allow open access to the internet through my network
    >> > while
    >> > restricting access to shared files so that they are only accessible to
    >> > authorised users?
    >> >
    >> > Thanks

    >>
    >>
    >>
     
    David Hettel, Oct 1, 2006
    #6
  7. "Deejay" <> wrote in message
    news:...
    > It appears that your solution is to grant individual access even for the
    > web.
    > Ideally, I wish web access through my network to be free for all but
    > access
    > to shared files only to the computers within my home.
    >
    > "Sooner Al [MVP]" wrote:
    >
    >


    If you want unlimited free access to the public internet through your home
    wireless router then simply disable any security your using, ie. WPA or WEP.
    Personally I advise against that...

    The way I read your original post is you want unlimited access to the public
    internet through your home wireless router for guests but block those guests
    from accessing shared files/folders on your personal PCs, correct? If so
    then the firewall scheme I gave you will do that as long as you turn
    off/disable encryption.

    Otherwise David's suggestion about a second router would work as would a new
    router that supports multiple Virtual LANs (VLANS)...

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...
     
    Sooner Al [MVP], Oct 1, 2006
    #7
  8. Hi

    The best way (as mentioned by David above) is to segregate your Network,
    given the current price of Wireless Cable/DSL Routers it is a good
    investment. http://www.ezlan.net/segregation.html

    Otherwise, use Software Firewall on each computer; assign static IP to each
    computer on your Network within a given band (like 192.168.100.1 to
    192.168.100.x ).

    Assign another band with DHCP for guests (like 192.168.20.1 to
    192.168.20.x).

    Put your static band into the Trusted Zone of the Software Firewall on each
    computer.

    Voila, Guests would be able to access the Internet, but will be "banned"
    from your computers.

    Jack (MVP-Networking).



    "Deejay" <> wrote in message
    news:...
    >I have often enjoyed the 'hospitality' of others by surfing the web on
    >their
    > wifi networks, and therefore wish to reciprocate so that anyone can surf
    > on
    > my network. I do not, however, wish to compromise my security.
    >
    > Is it possible to allow open access to the internet through my network
    > while
    > restricting access to shared files so that they are only accessible to
    > authorised users?
    >
    > Thanks
     
    Jack \(MVP-Networking\)., Oct 1, 2006
    #8
  9. Jack (MVP-Networking). <> wrote:

    <snip>

    > Otherwise, use Software Firewall on each computer; assign static IP to each
    > computer on your Network within a given band (like 192.168.100.1 to
    > 192.168.100.x ).
    >
    > Assign another band with DHCP for guests (like 192.168.20.1 to
    > 192.168.20.x).
    >
    > Put your static band into the Trusted Zone of the Software Firewall on each
    > computer.
    >
    > Voila, Guests would be able to access the Internet, but will be "banned"
    > from your computers.


    In that case, can a guest not just assign themselves a ip-address from
    the static band and gain access?
     
    Axel Hammerschmidt, Oct 2, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Philip Herlihy
    Replies:
    0
    Views:
    4,629
    Philip Herlihy
    Jul 1, 2004
  2. Ranjan

    internet sharing via WiFi

    Ranjan, Jul 17, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    19,713
  3. =?Utf-8?B?Q2hyaXMgQ2xhcms=?=

    File Sharing Intermittent but Pings fine and iTunes Sharing works

    =?Utf-8?B?Q2hyaXMgQ2xhcms=?=, Dec 5, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    732
    Malke
    Dec 5, 2004
  4. =?Utf-8?B?ZHRhcHBlbkByb2dlcnMuY29t?=

    2 desktop connected and sharing, 1 laptop connect but not sharing

    =?Utf-8?B?ZHRhcHBlbkByb2dlcnMuY29t?=, Sep 2, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    628
    =?Utf-8?B?ZHRhcHBlbkByb2dlcnMuY29t?=
    Sep 2, 2005
  5. (PeteCresswell)
    Replies:
    2
    Views:
    628
    Jack \(MVP-Networking\).
    Dec 29, 2008
Loading...

Share This Page