Security on public network via DHCP subnet ?

 
 
Larrycoe
Guest
Posts: n/a

 
      12-04-2006, 08:34 AM
I need to set up a free internet site but do not want users to see other PCs.

Am I right in setting the subnet mask as 255.255.255.254 via a DHCP wireless
router using private IP range 192.168.10.2-50?

 
 
 
 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      12-05-2006, 05:32 AM
In news:AF9A211A-E781-40CD-BA43-(E-Mail Removed),
Larrycoe <(E-Mail Removed)> stated, which I commented on
below:
> I need to setup a free internet site but do not want users to see
> other pc's
>
> Am I right in setting the subnet mask as 255.255.255.254 via a DHCP
> wireless router using private ip range 192.168.10.2-50


No. A .254 (or a /31 or 11111110) subnet only gives you two hosts, but is
useless. If you want .2 to .50, then you would need a .192 (11000000 or /26)
to give you a range of .1 to .62.

The 1 to 50 on a Linksys router, and other routers that do it this way is
assuming your internal subnet is actually a /27 (.0 or 00000000) giving a
full possible .1 to .254. The .1 to .50 they offer is only actually a DHCP
scope. You can do that with any DHCP server. But for the range that you are
looking for and to have all those IPs on the same subnet, it must be
minimally 255.255.255.192, 255.255.255.128, or 255.255.255.0.

I believe some of these routers, especially if you get it from Comcast, may
restrict you to a certain DHCP scope. But don't quote me on that.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
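
The subnet arithmetic from the post above, as an added example (not part of the original thread) using Python's standard `ipaddress` module. The gateway address 192.168.10.1 is an assumption; the thread does not state it.

```python
import ipaddress

def usable_hosts(network):
    """Return (first, last) usable host addresses of an IPv4 network."""
    net = ipaddress.ip_network(network, strict=False)
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])

def smallest_subnet_covering(first, last):
    """Longest-prefix network in which both addresses are usable hosts
    (neither the network address nor the broadcast address)."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net and net.network_address < lo and hi < net.broadcast_address:
            return net
    raise ValueError("no subnet covers the range")

def on_link(client, mask, other):
    """True if `other` lies inside the subnet that `client` derives from
    its own address and mask, i.e. the client treats it as a local peer."""
    iface = ipaddress.ip_interface(f"{client}/{mask}")
    return ipaddress.ip_address(other) in iface.network

if __name__ == "__main__":
    GATEWAY = "192.168.10.1"  # assumed router address, not given in the thread

    # The DHCP scope asked about: 192.168.10.2 through 192.168.10.50.
    net = smallest_subnet_covering("192.168.10.2", "192.168.10.50")
    print("smallest subnet:", net, "mask", net.netmask)
    print("usable range   :", usable_hosts(str(net)))

    # With 255.255.255.254 the client's subnet is only .2 and .3, so the
    # assumed gateway at .1 is no longer on-link for that client.
    print("gateway on-link with .254 mask:",
          on_link("192.168.10.2", "255.255.255.254", GATEWAY))

    # With a mask that does cover the scope, every leased address is on-link
    # with every other one: the mask describes addressing, it filters nothing.
    print("peer .50 on-link with .192 mask:",
          on_link("192.168.10.2", "255.255.255.192", "192.168.10.50"))
```

Once the mask is wide enough to cover the scope and the gateway, all clients share one subnet, so keeping them apart takes a host firewall or per-port VLANs as discussed later in the thread.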


 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      12-05-2006, 05:35 AM
In news:AF9A211A-E781-40CD-BA43-(E-Mail Removed),
Larrycoe <(E-Mail Removed)> stated, which I commented on
below:
> I need to setup a free internet site but do not want users to see
> other pc's


If you port-remap port 80 to only one specific internal IP, then no, they
cannot see anything else on the network.

This is assuming the web server is secured, patched, you have a good
firewall controlling traffic, the website code is properly designed without
any configs that may lead to a compromise or introduce a vulnerability,
among many other things.

Ace




 
 
Larrycoe
Guest
Posts: n/a

 
      12-05-2006, 06:40 AM



Thanks ACE
I am with you on the scope (set to 2~ 55) and range, still trying to get to
grips with subnet masks.
Is there any other way of not letting the users who share the same DHCP
generated address from not being visible other than 3rd party firewall
software, that blocks all except the gateway ?

>
> No. A .254 (or a /31 or 11111110) subnet only gives you two hosts, but is
> useless. If you want .2 to .50, then you would need a .192 (11000000 or /26)
> to give you a range of .1 to .62.
>
> The 1 to 50 on a Linksys router, and other routers that do it this way is
> assuming your internal subnet is actually a /27 (.0 or 00000000) giving a
> full possible .1 to .254. The .1 to .50 they offer is only actually a DHCP
> scope. You can do that with any DHCP server. But for the range that you are
> looking for and to have all those IPs on the same subnet, it must be
> minimally 255.255.255.192, 255.255.255.128, or 255.255.255.0.
>
> I believe some of these routers, especially if you get it from Comcast, may
> restrict you to a certain DHCP scope. But don't quote me on that.

 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      12-06-2006, 04:26 AM
In news:C9C7787E-808B-4FE9-916B-(E-Mail Removed),
Larrycoe <(E-Mail Removed)> stated, which I commented on
below:
> Thanks ACE
> I am with you on the scope (set to 2~ 55) and range, still trying to
> get to grips with subnet masks.
> Is there any other way of not letting the users who share the same
> DHCP generated address from not being visible other than 3rd party
> firewall software, that blocks all except the gateway ?


If they're not in one big happy family (a domain), then you can disable File
and Print on all machines. If you do not have access to the machines, then
either the Windows firewall or a third party firewall will be required.
Unless you create VLANs for each port, but I don't think you have a switch
that's capable of such a feature.

Ace


 