Q. re limiting LAN access to certain PCs

Discussion in 'Computer Support' started by Jimmy Dean, Jul 4, 2007.

  1. Jimmy Dean

    Jimmy Dean Guest

    How do I do this:

    I have a 4 PC LAN connected to the Net via an ADSL modem router.

    Sometimes I have guests who bring their laptops, and I want to give
    them Net access, but want to keep them from having access to the 4
    LAN PCs - avoids spreading potential infections etc.

    Is there a simple way to do this?

    TIA

    jd
     
    Jimmy Dean, Jul 4, 2007
    #1
    1. Advertisements

  2. Yes, do not allow them to access the net over your net until you're sure
    they've been scrubbed clean.
     
    =?ISO-8859-1?Q?R=F4g=EAr?=, Jul 4, 2007
    #2
    1. Advertisements

  3. Jimmy Dean

    WhzzKdd Guest


    Or unplug his own systems while the other is connected. I do this when I
    bring home a PC that I'm working on if I don't know what condition it is in.
    That way, I get online with my broadband for online scans and such, but my
    PCs aren't going to be infected by something from the "visiting" system.
     
    WhzzKdd, Jul 4, 2007
    #3
  4. Zackly. Another way of asking his question would be "How can I let a
    disease ridden system onto my little LAN and not expose the other
    machines to bad stuff?"
     
    =?ISO-8859-1?Q?R=F4g=EAr?=, Jul 4, 2007
    #4
  5. Jimmy Dean

    Mike Easter Guest

    Jimmy Dean wrote:
    X-Newsreader: Forte Agent 4.1/32.1088
    Password protect the shares. They don't need to be reading or writing
    on the LAN.
     
    Mike Easter, Jul 4, 2007
    #5
  6. Jimmy Dean

    why? Guest

    You can do this with 2 routers.

    1st router is ADSL/your LAN. The 2nd router set to a different IP
    address range. Plug the 2nd router WAN port into a LAN port of the 1st
    router. If you need extral ports for the 4th LAN PC you get a switch and
    plug it into 1 of the 4 LAN ports then 2 PCs into the switch.

    It's been a while since doing this, look for some of my old posts in
    24HSHD it's been mentioned before. Setup was a Cable Modem/Netgear RT314
    and a Belkin F5D7230-4. This is with any routing such as RIP/RIP2
    disabled.

    Me
     
    why?, Jul 4, 2007
    #6
  7. Jimmy Dean

    Jimmy Dean Guest

    I do that if no one else is using their PC, but they often are.

    jd
     
    Jimmy Dean, Jul 5, 2007
    #7
  8. Jimmy Dean

    Jimmy Dean Guest

    That used to be possible with Win9x but how to do with XP? Latter
    uses Permissions which always gets me bamboozled (how do you add
    another PC on the LAN - when you try to Add, you only get offered the
    local PC - if you enter another LAN PC name, it says it can't find it)

    jd
     
    Jimmy Dean, Jul 5, 2007
    #8
  9. Jimmy Dean

    Mr. Arnold Guest

    You have your 4 machines use static IP(s) on the router. Then you use a
    personal firewall on the 4 machines and set rules to only allow traffic
    between the static IP(s).
     
    Mr. Arnold, Jul 5, 2007
    #9
  10. Jimmy Dean

    Mike Easter Guest

    All of the operating systems on my lan are either W98se or linux
    distros. I don't have any XP in my network.

    Maybe someone else will speak up. I have one XP machine over yonder
    behind me, but it isn't networked with the rest.
     
    Mike Easter, Jul 5, 2007
    #10
  11. Jimmy Dean

    Jimmy Dean Guest

    Didn't work, at least not with 2 ADSL modem "routers" Netgear DG834
    (set to 192.168.1.1/255.255.255.0) and D-Link DSL-G604T
    (10.1.1.1/255.0.0.0).

    10.1.1.1 was connected to ADSL phoneline. With PC to-be-isolated
    connected to DG834, couldn't get Net access when connected as you
    described.

    Anything I should check?

    jd
     
    Jimmy Dean, Jul 5, 2007
    #11
  12. It is more simple to set your router to reserve IPs based on the MAC
    addresses of your PCs, somehow outside the standard dhcp range.
    Then, on your lan pcs, use a "firewall" to allow only the predefined address
    range for incoming connections.
    If you set up a (matching) username and password on all your machines, and
    use that one to logon, you add more security.
     
    Walter Mautner, Jul 5, 2007
    #12
  13. Jimmy Dean

    Kraftee Guest

    You could try using another domain name for the guest PC, it would cut
    down the probability, but the only way to be sure is to have a
    seperate router & firewall. Put your LAN behind the firewall & plug
    the guest into the router.

    Problem solved, your LAN would have it's connectivity & be protected
    by the firewall box, the guest would have connectivity but would be
    effectively blocked from your LAN by the firewall..
     
    Kraftee, Jul 5, 2007
    #13
  14. Jimmy Dean

    Kraftee Guest

    That's because you require an ADSL router plus a seperate Ethernet
    router, then it would work. It will work exactly as I have already
    posted but instead of using a firewall you use the ethernet router
     
    Kraftee, Jul 5, 2007
    #14
  15. Jimmy Dean

    why? Guest

    That was a CM/Ethernet router to an Ethernet router. Don't what the WAN
    ports those ADSL router's you mentioned are without looking, assume
    ADSL/Ethernet and Ethernet. Last time I did it was with a Cisco 2561
    which is not a common option. In that case I had to enable RIP and set a
    route between 3 networks. The RT314 and F5d7230 was a while ago.
    Would have to try it again, looking for the old posts for the date to
    find notes.

    Maybe it was a route add on the PC? I really can't recall just now.
    Me
     
    why?, Jul 5, 2007
    #15
  16. Jimmy Dean

    Plato Guest

    What if you installed a software firewall on the 4 pcs. It wont
    interfere with what the router does.
     
    Plato, Jul 5, 2007
    #16
  17. Jimmy Dean

    Jimmy Dean Guest

    I have been trying to do something like that using Sygate Personal
    Firewall 5.6 and MAC addresses.

    I set a rule to block everything.
    Then another rule to allow everything for desired MAC addresses

    It should work but it doesn't. Everything is blocked OK, but nothing
    is allowed. Order of rules is correct.

    jd
     
    Jimmy Dean, Jul 6, 2007
    #17
  18. Jimmy Dean

    Jimmy Dean Guest

    Yes I suspected as such. Wonder how much an Ethernet (true router)
    costs...?

    jd
     
    Jimmy Dean, Jul 6, 2007
    #18
  19. Jimmy Dean

    Mr. Arnold Guest

    I don't use Sygate, but I don't see why you cannot set the rules by static
    LAN IP(s). Block all IP(s) and then rules to allow the static IP(s), which I
    have done with BlackIce and IPSec with machines on the LAN.
     
    Mr. Arnold, Jul 6, 2007
    #19
  20. Jimmy Dean

    Jimmy Dean Guest

    Yes I have done that now using SPF or ZoneAlarm

    thanks

    jd
     
    Jimmy Dean, Jul 6, 2007
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.