A few months ago I posted a message about a new user joining in on our
wireless network, and the discussion centred around ways in which that user
could use the network to access the internet but not be able to access other
machines on the network.
The subject has come up again, and without expecting a complete re-analysis
of the problem, I wonder whether what I want to achieve can be achieved by
using a custom subnet mask.
First question is, if I use a custom SNM in order to create 2 subnets, can
either subnet access files on hosts on the other subnet?
Second, how are physical segments actually defined? I suspect I cannot do
this with 1 router, since everything directly connected to that router
(wired or wireless) is as I understand it on a single physical segment.
Let's say I have two routers, is it possible to have one subnet which covers
any machine directly connected to that router (say, wired), and have a
second cable going out to a second router, and anything connected to that
second router (wired or wireless) on a second subnet? Or is that really
everything being connected to the first router (directly or indirectly)
therefore only one physical segment?
If not is there any other way to use two routers to create two subnets
(assuming it achieves the security I'm looking for by denying each subnet
access to files on the other)?
When all is said and done, is it possible to just use Sharing and Security
feature in XP to determine who can see what and access what across the
network, or is this flawed in some way?
"Tanel Kagan" <tanelkagan@(nospamatall).hotmail.com> wrote in message
news:gICdnVAm_bqPhCXUnZ2dnUVZ8jCWnZ2d@bt.com...
> Hello Group,
>
> A few months ago I posted a message about a new user joining in on our
> wireless network, and the discussion centred around ways in which that
> user could use the network to access the internet but not be able to
> access other machines on the network.
>
> The subject has come up again, and without expecting a complete
> re-analysis of the problem, I wonder whether what I want to achieve can be
> achieved by using a custom subnet mask.
>
> First question is, if I use a custom SNM in order to create 2 subnets, can
> either subnet access files on hosts on the other subnet?
>
> Second, how are physical segments actually defined? I suspect I cannot do
> this with 1 router, since everything directly connected to that router
> (wired or wireless) is as I understand it on a single physical segment.
>
> Let's say I have two routers, is it possible to have one subnet which
> covers any machine directly connected to that router (say, wired), and
> have a second cable going out to a second router, and anything connected
> to that second router (wired or wireless) on a second subnet? Or is that
> really everything being connected to the first router (directly or
> indirectly) therefore only one physical segment?
>
> If not is there any other way to use two routers to create two subnets
> (assuming it achieves the security I'm looking for by denying each subnet
> access to files on the other)?
>
> When all is said and done, is it possible to just use Sharing and Security
> feature in XP to determine who can see what and access what across the
> network, or is this flawed in some way?
>
> Regards,
>
> Tanel.
>
yes, i have two wap routers on different subnets, one public/one private,
with the gateway on the second pointing to the first so the cable internet
works on both.....
easy to do the two wap/routers to isolate the subnets, trick was the gateway
so the second subnet users could use the internet, but not see anything
shared on the other subnet
> yes, i have two wap routers on different subnets, one public/one private,
> with the gateway on the second pointing to the first so the cable internet
> works on both.....
> easy to do the two wap/routers to isolate the subnets, trick was the
> gateway so the second subnet users could use the internet, but not see
> anything shared on the other subnet
Hi Peter,
Thanks for responding. I *sort of* understand how you've done it, but would
you be able to give me a little more detail on configuration?
> The subject has come up again, and without expecting a complete
> re-analysis of the problem, I wonder whether what I want to achieve can be
> achieved by using a custom subnet mask.
If by 'custom subnet mask' you mean 'another network', then yes, you
probably can.
> First question is, if I use a custom SNM in order to create 2 subnets, can
> either subnet access files on hosts on the other subnet?
If the router(s) in question support access control lists [commonly referred
to as a 'firewall'], then you can control what has access to what.
> Second, how are physical segments actually defined? I suspect I cannot do
> this with 1 router, since everything directly connected to that router
> (wired or wireless) is as I understand it on a single physical segment.
It Depends. Some routers can be configured with multiple SSIDs, eg routers
that can run DD-WRT. Tell us what hardware you have and we may be able to
give more advice. Routers define the boundaries between segments. That
said, if a router is configured so that it's wireless and wired LAN are
bridged together then effectively you have one segment.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
21:49:51 up 98 days, 1 min, 3 users, load average: 0.06, 0.09, 0.07
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise
"Tanel Kagan" <tanelkagan@(nospamatall).hotmail.com> wrote in message
news:ZbGdnbRbO9dgsyTUnZ2dnUVZ8ryWnZ2d@bt.com...
>> yes, i have two wap routers on different subnets, one public/one private,
>> with the gateway on the second pointing to the first so the cable
>> internet works on both.....
>> easy to do the two wap/routers to isolate the subnets, trick was the
>> gateway so the second subnet users could use the internet, but not see
>> anything shared on the other subnet
>
> Hi Peter,
>
> Thanks for responding. I *sort of* understand how you've done it, but
> would you be able to give me a little more detail on configuration?
>
> Regards,
>
> Tanel.
>
>
>
wap router 1 ssid PPinUSA DHPC server on, cable modem, starting ip
192.168.1.1 starting WIP .100 for 50 (thats the public one, no wep/wpa)
powerline network "injector" <-- not real name but thats what i call it -
plugged into the router part and an ac plug
wap router 2 ssid PPPinUSA (3rd P is for Private) dhcp server on, starting
ip 192.168.2.1, gateway set to .1.1 second powerline device plugged into ac
and lan port (not wan)
can plug #2 in anywhere (like spring/summer in the gazebo so I have internet
there)
don't try and mess with seamless roaming (bad knees don't walk around much,
tend to sit in one place, so if i am connected to one ssid i tend to stay in
one spot and just use that one)
just for fun, went thru my junk box and got a bit silly (3 old wap routers,
and a wiflyer wap) all set to non overlapping ip addresses..... (supposedly
you can have them overlapping, and/but only 1 dhcp server, but I don't
believe it, and this not only seems to work but is repeatable)
i changed the starting ip addresses on the other 3 wap/routers to things
like 192.168.3.1 4.1 5.1, ssid's to PPC PPD PPE, and the wyflyer is .7.77
(by default)
gateway on all set to 1.1
just a caveat here, i was told here don't do it (have more than 1 dhcp
server), wont work..... yet nobody could ever say exactly why, and it works
fine for me, should I change things that are working just fine because
someone says don't do it (why, because i said so, and it's always done that
way... sounds like my mom, like jeff learns by destroying, i tend to learn
by being contrary and doing the opposite of what i'm told)
update, had a bunch (5) more wap routers with no wall warts in my junk box,
got up to PPJ at 10.1, works too, i daisy chain em router to router part...
makes it easily repeatable
just for fun, used my pda and nokia tablet on the j, works fine too....
have the USB printer on a device on the .1. subnet, along with several TB's
of USB drives, and just fired up my linux machine, it works fine too
can i trouble you to try something i'm testing? playing with assigning a
name from a browser to a device on my network... if you go to
marcs1102.homeip.net it should end up at one of the tivos on my network (not
very sexy or useful, but want to play with browser access to my network,
from elsewhere on the net, and i don't have any file server software
handy... ps worked from my pda and tablet, but thats internal, need someone
to give it a shot from outside the network, if you can do it, thanks in
advance).....
> just a caveat here, i was told here don't do it (have more than 1 dhcp
> server), wont work..... yet nobody could ever say exactly why,
It's only a bad idea if they overlap, as you could end up with IP address
conflicts. It's possible to make DHCP servers 'authoritative' so that you
can have two DHCP servers on a subnet for redundancy.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
09:12:47 up 99 days, 11:24, 3 users, load average: 0.15, 0.16, 0.10
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise
New User on Wireless Setup (continued) 
Linear Mode
