How To: One Internet connection - Two Private LANs
Published: Wednesday, 12 November 2003 05:11 Written by Tim Higgins Tags:How ToRouterSecurity
Start Prev 1 2 3 Next End Introduction There are times when having two separate networks - both sharing the same Internet connection - can come in handy. For example, I recently helped a community center with its network setup. They needed to provide Internet connection to tenants who were renting space, in addition to their own shared Internet. They also shared a number of folders on the network, but weren't too careful about password protecting the shares.
Rather than trying to (unsuccessfully) enforce good file-sharing practices among users who didn't really have the inclination to learn them, I took a more pragmatic approach and separated the tenant and community center computers into their own private LANs.
Separate LANs can also keep your computer(s) safe from worm and malware infestation from your children's (or employees') machines. Let's see how it's done.
The Approach This approach is essentially an extension of the technique described in the Setting up File and Printer sharing between two routers Problem Solver and has the same effect of blocking file and printer sharing traffic entering the WAN side of each router. The difference in this setup is that we've separated clients into two groups, each behind its own firewall that blocks any data not requested by a client behind the firewall trying to come into the WAN side of its router.
File and Printer sharing doesn't work between the two groups because although data passes through the originating computer's firewall just fine, it's blocked from entering the firewall of the computer in the other group. However, all clients can freely connect to the Internet as long as they initiate the data request, even through the request has to pass through two firewalls to get there.
How To: One Internet connection - Two Private LANs
Published: Wednesday, 12 November 2003 05:11
Written by Tim Higgins
Tags:How ToRouterSecurity
Start Prev 1 2 3 Next End
Introduction
There are times when having two separate networks - both sharing the same
Internet connection - can come in handy. For example, I recently helped a
community center with its network setup. They needed to provide Internet
connection to tenants who were renting space, in addition to their own
shared Internet. They also shared a number of folders on the network, but
weren't too careful about password protecting the shares.
Rather than trying to (unsuccessfully) enforce good file-sharing practices
among users who didn't really have the inclination to learn them, I took a
more pragmatic approach and separated the tenant and community center
computers into their own private LANs.
Separate LANs can also keep your computer(s) safe from worm and malware
infestation from your children's (or employees') machines. Let's see how it's done.
The Approach
This approach is essentially an extension of the technique described in the Setting up File and Printer sharing between two routers Problem Solver and
has the same effect of blocking file and printer sharing traffic entering
the WAN side of each router. The difference in this setup is that we've
separated clients into two groups, each behind its own firewall that blocks any data not requested by a client behind the firewall trying to come into
the WAN side of its router.
File and Printer sharing doesn't work between the two groups because
although data passes through the originating computer's firewall just fine, it's blocked from entering the firewall of the computer in the other group. However, all clients can freely connect to the Internet as long as they
initiate the data request, even through the request has to pass through two firewalls to get there.
double nat就完了
★ 发自iPhone App: ChinaWeb 1.1.5
【 在 skybluewei (weilan) 的大作中提到: 】
: double nat就完了
: ★ 发自iPhone App: ChinaWeb 1.1.5
未完待续
难道不是搞vlan? 想多少都行。就是switch会比较贵
ebay上大把24口<$100的,万兆口POE都不是问题,电费高点罢了。
【 在 MaLaRabbit (麻辣兔子王) 的大作中提到: 】
: 难道不是搞vlan? 想多少都行。就是switch会比较贵
发热还有噪音
【 在 pptwo (pp) 的大作中提到: 】
: ebay上大把24口<$100的,万兆口POE都不是问题,电费高点罢了。
:
: 【 在 MaLaRabbit (麻辣兔子王) 的大作中提到: 】
: : 难道不是搞vlan? 想多少都行。就是switch会比较贵
两个家用路由就完了,整那么高大上有蛋用?不就是上个买买提么!
★ 发自iPhone App: ChinaWeb 1.1.5
摄像头
【 在 skybluewei (weilan) 的大作中提到: 】
: 两个家用路由就完了,整那么高大上有蛋用?不就是上个买买提么!
: ★ 发自iPhone App: ChinaWeb 1.1.5