Re: uplink newbie question

From: Chuck (none_at_example.net)
Date: 11/11/04


Date: 11 Nov 2004 17:14:12 -0600

On 11 Nov 2004 08:59:12 -0800, *email_address_deleted* (Robert Frost) wrote:

>I have 3 computers running xp networked via a netgear wireless router.
>
>I have a wireless laptop also running xp which connects perfectly to
>the lan via a wireless link to the netgear router and can access files
>on the other computers.
>
>I have a separate building in which there is a linksys wireless router
>which is connected by ethernet cable to the 4th port on the netgear
>router and is intended purely as a wireless access point. This works
>fine for internet access but will not allow the laptop to access the
>lan. Presumably this is because of a firewall in the linksys.
>
>The netgear router can see the linksys and gives it IP and MAC
>addresses.
>
>How can I get into the linksys to turn the firewall off?

Robert,

Not all NAT routers contain firewalls. And those that do, do not firewall
outgoing traffic. If your laptop, connected to the Linksys, needs to access the
LAN on the Netgear, it's creating outgoing traffic thru the Linksys, which is
not filtered.

I'll bet your problem is caused by subnetting. To use the Linksys as a WAP, you
need to:
1) Login to the Linksys, and disable the DHCP server.
2) Change the Linksys LAN port address to something on the same subnet as the
Netgear LAN - but outside the Netgear DHCP scope.
3) Connect the Linksys to the Netgear thru LAN ports on both.
4) If the laptop is set up as a DHCP client, and the Netgear LAN is on DHCP, the
laptop should connect, and should be able to access any of its peers on your one
LAN. If the Netgear LAN is (hopefully) using fixed IP addresses, assign an
appropriate address to the laptop.

But please don't stop there - using DHCP on a wireless LAN exposes all the
computers, wired and wireless.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall.

Change the router management password, and disable remote (WAN) management.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned IP addresses in the Local (highly trusted) Zone. Configure
the firewall to allow file sharing only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
here). Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking.wireless are good places to start.
 
Cheers,
Chuck

-- 
Paranoia comes from experience - and is not necessarily a bad thing.
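
Added example, not part of Chuck's post: a Python check for step 2 of the access-point procedure above, confirming that the address chosen for the access point's LAN port is on the main router's subnet, outside its DHCP scope, and not already in use. The function names and all addresses are constructed for illustration; substitute the values from your own router's LAN and DHCP pages.

```python
import ipaddress


def _free(addr, router, lo, hi, static):
    """True if addr is not the router, not in the DHCP scope, not a known static host."""
    return addr != router and not (lo <= addr <= hi) and addr not in static


def check_ap_address(lan_cidr, router_ip, dhcp_start, dhcp_end, ap_ip, static_hosts=()):
    """Return a list of problems with using ap_ip as the access point's LAN address."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    router, ap = ipaddress.ip_address(router_ip), ipaddress.ip_address(ap_ip)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    static = {ipaddress.ip_address(h) for h in static_hosts}
    if lo > hi:
        raise ValueError("DHCP scope start is above its end")
    problems = []
    if ap not in net:
        # Typical cause of "internet works, LAN shares do not": AP left on its own subnet.
        problems.append("not on the router's LAN subnet")
    elif ap in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ap == router:
        problems.append("same address as the router")
    if lo <= ap <= hi:
        problems.append("inside the DHCP scope")
    if ap in static:
        problems.append("already assigned to a static host")
    return problems


def suggest_free_addresses(lan_cidr, router_ip, dhcp_start, dhcp_end, static_hosts=(), count=3):
    """Return the first `count` usable addresses for the access point."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    router = ipaddress.ip_address(router_ip)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    static = {ipaddress.ip_address(h) for h in static_hosts}
    picks = [str(a) for a in net.hosts() if _free(a, router, lo, hi, static)]
    return picks[:count]


if __name__ == "__main__":
    # Constructed sample LAN: router 192.168.0.1, DHCP scope .2 to .50, one static PC at .51.
    lan = ("192.168.0.0/24", "192.168.0.1", "192.168.0.2", "192.168.0.50")
    for candidate in ("192.168.1.1", "192.168.0.20", "192.168.0.250"):
        print(candidate, check_ap_address(*lan, candidate, ["192.168.0.51"]) or "OK")
    print("free:", suggest_free_addresses(*lan, static_hosts=["192.168.0.51"]))
```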

