Re: uplink newbie question

From: Chuck (none_at_example.net)
Date: 11/12/04


Date: 12 Nov 2004 10:11:12 -0600

On 12 Nov 2004 02:26:17 -0800, thepineappleman@yahoo.co.uk (Robert Frost) wrote:

>Chuck <none@example.net> wrote in message news:<v3r7p0d7r7cltpe9eau7i6ugrpvuh5fkbb@4ax.com>...
>> On 11 Nov 2004 08:59:12 -0800, *email_address_deleted* (Robert Frost) wrote:
>>
>> >I have 3 computers running xp networked via a netgear wireless router.
>> >
>> >I have a wireless laptop also running xp which connects perfectly to
>> >the lan via a wireless link to the netgear router and can access files
>> >on the other computers.
>> >
>> >I have a separate building in which there is a linksys wireless router
>> >which is connected by ethernet cable to the 4th port on the netgear
>> >router and is intended purely as a wireless access point. This works
>> >fine for internet access but will not allow the laptop to access the
>> >lan. Presumably this is because of a firewall in the linksys.
>> >
>> >The netgear router can see the linksys and gives it IP and MAC
>> >addresses.
>> >
>> >How can I get into the linksys to turn the firewall off?
>>
>> Robert,
>>
>> Not all NAT routers contain firewalls. And those that do, do not firewall
>> outgoing traffic. If your laptop, connected to the Linksys, needs to access the
>> LAN on the Netgear, it's creating outgoing traffic thru the Linksys, which is
>> not filtered.
>>
>> I'll bet your problem is caused by subnetting. To use the Linksys as a WAP, you
>> need to:
>> 1) Login to the Linksys, and disable the DHCP server.
>> 2) Change the Linksys LAN port address to something on the same subnet as the
>> Netgear LAN - but outside the Netgear DHCP scope.
>> 3) Connect the Linksys to the Netgear thru LAN ports on both.
>> 4) If the laptop is set up as a DHCP client, and the Netgear LAN is on DHCP, the
>> laptop should connect, and should be able to access any of its peers on your one
>> LAN. If the Netgear LAN is (hopefully) using fixed ip addresses, assign an
>> appropriate address to the laptop.
>>
>> But please don't stop there - using DHCP on a wireless LAN exposes all the
>> computers, wired and wireless.
>>
>> Here's a story about somebody's very stupid wireless neighbor. Don't expect all
>> wireless neighbors to be this stupid.
>> <http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.
>>
>> The point is, you need to protect a wireless LAN with more precautions than just
>> the NAT firewall.
>>
>> Change the router management password, and disable remote (WAN) management.
>>
>> Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
>> has fleas").
>>
>> Enable MAC filtering.
>>
>> Change the subnet of your LAN - don't use the default.
>>
>> Disable DHCP, and assign an address to each computer manually.
>>
>> Install a software firewall on every computer connected to a wireless LAN. Put
>> manually assigned ip addresses in the Local (highly trusted) Zone. Configure
>> the firewall to allow file sharing only in the Local Zone.
>>
>> Don't disable SSID broadcast - some configurations require the SSID broadcast.
>> But change the SSID itself - to something that doesn't identify you, or the
>> equipment.
>>
>> Enable the router activity log. Examine it regularly. Know what each
>> connection listed represents - you? a neighbor?
>>
>> Use non-trivial accounts and passwords on every computer connected to a wireless
>> LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
>> here). Rename Administrator, to a non-trivial value, and give it a non-trivial
>> password. Never use the Administrator renamed account for day to day
>> activities, only when intentionally doing administrative tasks.
>>
>> Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
>> microsoft.public.windows.networking.wireless are good places to start.
>>
>> Cheers,
>> Chuck
>
>
>Thanks Chuck. That's a whole heap of advice. I discovered last night
>there is no firewall in the linksys. As you are right about that I'll
>assume you are right about all the rest. Many thanks.

Robert,

MP. Good luck and stay safe.
 
Cheers,
Chuck

-- 
Paranoia comes from experience - and is not necessarily a bad thing.
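
Added example (not part of the original post): a check of the addressing plan behind steps 2 and 4 in the quoted advice, confirming that the access point's LAN address is on the main router's subnet, outside its DHCP scope, and not colliding with a manually assigned host. The function name, host names and all addresses are constructed sample values; the thread gives none.

```python
import ipaddress


def check_ap_plan(router_lan, dhcp_first, dhcp_last, ap_addr, static_hosts=None):
    """Return a list of problems with the planned addressing (empty = OK).

    router_lan    main router's LAN interface, e.g. "192.168.0.1/24"
    dhcp_first,   first and last address of the main router's DHCP scope
    dhcp_last     (inclusive)
    ap_addr       address planned for the second router's LAN port
    static_hosts  {name: address} for manually addressed machines
    """
    iface = ipaddress.ip_interface(router_lan)
    net = iface.network
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    ap = ipaddress.ip_address(ap_addr)
    problems = []

    # Step 2: same subnet as the main router's LAN ...
    if ap not in net:
        problems.append(f"AP {ap} is not on the router subnet {net}")
    elif ap in (net.network_address, net.broadcast_address):
        problems.append(f"AP {ap} is the network or broadcast address of {net}")
    if ap == iface.ip:
        problems.append(f"AP {ap} duplicates the main router's own address")
    # ... but outside the DHCP scope, so it is never leased to a client.
    if first <= ap <= last:
        problems.append(f"AP {ap} is inside the DHCP scope {first}-{last}")

    # Step 4: manually assigned hosts must be unique, on-subnet, out of scope.
    for name, addr in (static_hosts or {}).items():
        host = ipaddress.ip_address(addr)
        if host in (ap, iface.ip):
            problems.append(f"{name} ({host}) collides with a router address")
        if host not in net:
            problems.append(f"{name} ({host}) is not on {net}")
        elif first <= host <= last:
            problems.append(f"{name} ({host}) is inside the DHCP scope")
    return problems


if __name__ == "__main__":
    # Constructed plan: main router 192.168.0.1/24, scope .2 to .51.
    for candidate in ("192.168.1.1", "192.168.0.20", "192.168.0.250"):
        issues = check_ap_plan("192.168.0.1/24", "192.168.0.2",
                               "192.168.0.51", candidate,
                               {"laptop": "192.168.0.60"})
        print(candidate, "->", issues or "OK")
```
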

