sharing broadband (but not files)

hi

i have a desktop pc (with xp home) that doesnt yet have broadband
access. i also have someone in the house who i would like to share the
broadband access with, but not anything else (files, etc). Is it
possible to have one broadband line coming in, then have the desktop
and the laptop able to access the internet at any time (inc at same
time) without having the laptop access any of my data, or indeed me
able to see what is on his laptop.

I've had a look on the web for solutions and have been considering
buying a wireless router and 2 wireless network cards for the pc and
laptop, but then it seems i have to put the 2 in a network for them to
be able to share the broadband internet access through the router -
and this is the bit that worries me.

oh, a side question - does the router stay connected to the internet
permanently? what happens if the line drops for whatever reason?

thanks in advance. lee

>hi
>
>i have a desktop pc (with xp home) that doesnt yet have broadband
>access. i also have someone in the house who i would like to share the
>broadband access with, but not anything else (files, etc). Is it
>possible to have one broadband line coming in, then have the desktop
>and the laptop able to access the internet at any time (inc at same
>time) without having the laptop access any of my data, or indeed me
>able to see what is on his laptop.
>
>I've had a look on the web for solutions and have been considering
>buying a wireless router and 2 wireless network cards for the pc and
>laptop, but then it seems i have to put the 2 in a network for them to
>be able to share the broadband internet access through the router -
>and this is the bit that worries me.
>
>oh, a side question - does the router stay connected to the internet
>permanently? what happens if the line drops for whatever reason?
>
>thanks in advance. lee

Get any wireless router. The wireless is on the outside of the routers
firewall. It gets internet but can't log on to the network. Only if
you change the settings to "AP" do the files on the network become
available to the wireless side.

Lee wrote:

>hi
>
>i have a desktop pc (with xp home) that doesnt yet have broadband
>access. i also have someone in the house who i would like to share the
>broadband access with, but not anything else (files, etc). Is it
>possible to have one broadband line coming in, then have the desktop
>and the laptop able to access the internet at any time (inc at same
>time) without having the laptop access any of my data, or indeed me
>able to see what is on his laptop.
>
>I've had a look on the web for solutions and have been considering
>buying a wireless router and 2 wireless network cards for the pc and
>laptop, but then it seems i have to put the 2 in a network for them to
>be able to share the broadband internet access through the router -
>and this is the bit that worries me.
>
>oh, a side question - does the router stay connected to the internet
>permanently? what happens if the line drops for whatever reason?
>
>thanks in advance. lee
>
>
If your router has firewall capabilities, turn off ports 135, 137, 138,
139 and 445. Those are the ports used for file sharing (the network
neighborhood). With those ports turned off, no system on your network
will be able to see files on any other system on the network.

The router should be able to reinitiate the connection if it goes down.
That is, the modem/router combination should maintain the connection if
no computers are currently active.

On Tue, 09 Nov 2004 07:20:32 -0500, AndrewJ spoketh

>
>Get any wireless router. The wireless is on the outside of the routers
>firewall. It gets internet but can't log on to the network. Only if
>you change the settings to "AP" do the files on the network become
>available to the wireless side.

Please list the brands and models of wireless routers where the wireless
network is NOT on the LAN side of the router.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

On 9 Nov 2004 02:45:30 -0800, Lee spoketh

>hi
>
>i have a desktop pc (with xp home) that doesnt yet have broadband
>access. i also have someone in the house who i would like to share the
>broadband access with, but not anything else (files, etc). Is it
>possible to have one broadband line coming in, then have the desktop
>and the laptop able to access the internet at any time (inc at same
>time) without having the laptop access any of my data, or indeed me
>able to see what is on his laptop.
>
>I've had a look on the web for solutions and have been considering
>buying a wireless router and 2 wireless network cards for the pc and
>laptop, but then it seems i have to put the 2 in a network for them to
>be able to share the broadband internet access through the router -
>and this is the bit that worries me.
>
>oh, a side question - does the router stay connected to the internet
>permanently? what happens if the line drops for whatever reason?
>
>thanks in advance. lee

Yes, if you get a wireless router, all computers on the wireless network
would be on the same network, thus file sharing would be possible...

However, there's ways to make sure that files are not shared between
computers on the same LAN.

1) Don't put the computers in the same workgroup. Make sure your desktop
computer has a different workgroup name than your friends laptop.

2) Disable File and Print sharing.

3) Use passwords on all accounts (including your own and especially the
administrator account)

4) Disable NetBIOS broadcasts. There's a registry setting to change the
node type from the default "hybrid" (which uses broadcast) to
"peer-to-peer" (which doesn't use broadcasts). This prevents your
computer from notifying other computers on your LAN about its existence,
thus it will not show up in Network Neighborhood.

5) You can use a desktop firewall program to block any access to
anything on your computer from your own LAN.

You don't have to do all of these, but you should at least consider the
top 3 items. #4 would only hide what isn't there anymore (if you did
#2). The personal firewall option is if you really don't trust the other
guy. Even if you've disabled file sharing and hidden your computer,
there's always the possibility that your friend may still try (either
deliberately or accidentally (read: worm infection)) something, and the
firewall will block any attempts to connect on ports that aren't closed
when disabling file sharing.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

On 9 Nov 2004 02:45:30 -0800, (E-Mail Removed) (Lee) wrote:

>i have a desktop pc (with xp home) that doesnt yet have broadband
>access. i also have someone in the house who i would like to share the
>broadband access with, but not anything else (files, etc). Is it
>possible to have one broadband line coming in, then have the desktop
>and the laptop able to access the internet at any time (inc at same
>time) without having the laptop access any of my data, or indeed me
>able to see what is on his laptop.
>
>I've had a look on the web for solutions and have been considering
>buying a wireless router and 2 wireless network cards for the pc and
>laptop, but then it seems i have to put the 2 in a network for them to
>be able to share the broadband internet access through the router -
>and this is the bit that worries me.

This is the classic "coffee shop" problem. You build a coffee shop
hot spot for customers to share a single DSL or cable modem. Only one
IP address is delivered by the ISP. How do you keep the customers
from seeing the coffee shop office computers? The same problem
includes users that want to share their connection with the neighbors,
but not expose their computers to the anyone outside the LAN.

This has been discussed before with various solutions. The easiest is
to obtain a 2nd IP address from the ISP. You would use two routers,
one for each "group" of users. Neither LAN would see each other, even
if they had identical IP address blocks. I have 5ea IP addresses from
SBC and use this method to connect 4ea seperate companies on a single
DSL modem.

If you're stuck with a single IP address, you setup the wireless and
internal LAN with different Class C IP blocks. For example, the
wireless router DHCP delivers IP's in 192.168.1.xxx and the internal
LAN runs on 192.168.2.xxx. You don't really need a 2nd router to
connect these two seperate LAN's as you could setup a static route to
the wireless router at 192.168.1.1 from 192.168.2.xxx on every client
machine and point the default route to 192.168.1.1. However, this
creative routeing has proven to be a rather painful exercise in
maintenance, so I add a 2nd router to connect 192.168.1.xxx with
192.168.2.xxx. The static route method isn't terribly secure as a
clueful wireless user could easily break into the internal LAN.

Another method is two routers in series playing double NAT. The
default route for the 2nd router would point to the first router.
Therefore (methinks), the 2nd LAN would not see any machines on the
first LAN.

/----\ /----\
== DSL ====| |======================| |====
Modem | |=== 192.168.0.xxx | |==== 10.0.0.xxx
| |=== | |====
| |=== Office LAN | |==== Coffee Shop
| | | | Network
\----/ \----/
Router #1 Router #2
Wireless 192.168.0.xxx Wireless 10.0.0.xxx
for office LAN for coffee shop

The "right" way is to get a router with multiple LAN side ports. I do
this using FreeSCO:
http://www.freesco.org
routers built around old PC's. To the best of my knowledge, there are
no cheapo wireless routers that offer multiple independent LAN side
ports. So, you build your own. It's not that bad and makes sense in
some situations.

>oh, a side question - does the router stay connected to the internet
>permanently? what happens if the line drops for whatever reason?

That depends on the router. If you have to deal with a login/password
abomination commonly found in PPPoE connections, there's usually a box
labelled something like "keep alive" or "auto-reconnect". Some have a
timeout setting which is suppose to disconnect you after xxx number of
minutes. Setting it to zero disables the timer. Most of the current
models have some method of staying on or logging back in. These are
generally un-necessary as most Windoze clients are so "noisy", that
any packet that needs to access the interknot, will bring up the
connection. Not a problem.



--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

If neither machine enable file and print sharing, and didn't configure any
network settings, they wouldn't see each other.
they would both connect to the Internet through the router but wouldn't be
able to see each other's files etc.

I don't think that setting up with 2 routers in tandem would accomplish
much. Computers connected to the 1st router could see each other if they
enabled file and print sharing and shared some files. Similarly for
computers connected to the 2nd router.
But those connected to the 1st router would ordinarily be blocked from those
on the 2nd (built in NAT does that), but those on the 2nd could see those on
the 1st if networked and file and print sharing enabled.


"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 9 Nov 2004 02:45:30 -0800, (E-Mail Removed) (Lee) wrote:
>
>>i have a desktop pc (with xp home) that doesnt yet have broadband
>>access. i also have someone in the house who i would like to share the
>>broadband access with, but not anything else (files, etc). Is it
>>possible to have one broadband line coming in, then have the desktop
>>and the laptop able to access the internet at any time (inc at same
>>time) without having the laptop access any of my data, or indeed me
>>able to see what is on his laptop.
>>
>>I've had a look on the web for solutions and have been considering
>>buying a wireless router and 2 wireless network cards for the pc and
>>laptop, but then it seems i have to put the 2 in a network for them to
>>be able to share the broadband internet access through the router -
>>and this is the bit that worries me.
>
> This is the classic "coffee shop" problem. You build a coffee shop
> hot spot for customers to share a single DSL or cable modem. Only one
> IP address is delivered by the ISP. How do you keep the customers
> from seeing the coffee shop office computers? The same problem
> includes users that want to share their connection with the neighbors,
> but not expose their computers to the anyone outside the LAN.
>
> This has been discussed before with various solutions. The easiest is
> to obtain a 2nd IP address from the ISP. You would use two routers,
> one for each "group" of users. Neither LAN would see each other, even
> if they had identical IP address blocks. I have 5ea IP addresses from
> SBC and use this method to connect 4ea seperate companies on a single
> DSL modem.
>
> If you're stuck with a single IP address, you setup the wireless and
> internal LAN with different Class C IP blocks. For example, the
> wireless router DHCP delivers IP's in 192.168.1.xxx and the internal
> LAN runs on 192.168.2.xxx. You don't really need a 2nd router to
> connect these two seperate LAN's as you could setup a static route to
> the wireless router at 192.168.1.1 from 192.168.2.xxx on every client
> machine and point the default route to 192.168.1.1. However, this
> creative routeing has proven to be a rather painful exercise in
> maintenance, so I add a 2nd router to connect 192.168.1.xxx with
> 192.168.2.xxx. The static route method isn't terribly secure as a
> clueful wireless user could easily break into the internal LAN.
>
> Another method is two routers in series playing double NAT. The
> default route for the 2nd router would point to the first router.
> Therefore (methinks), the 2nd LAN would not see any machines on the
> first LAN.
>
> /----\ /----\
> == DSL ====| |======================| |====
> Modem | |=== 192.168.0.xxx | |==== 10.0.0.xxx
> | |=== | |====
> | |=== Office LAN | |==== Coffee Shop
> | | | | Network
> \----/ \----/
> Router #1 Router #2
> Wireless 192.168.0.xxx Wireless 10.0.0.xxx
> for office LAN for coffee shop
>
> The "right" way is to get a router with multiple LAN side ports. I do
> this using FreeSCO:
> http://www.freesco.org
> routers built around old PC's. To the best of my knowledge, there are
> no cheapo wireless routers that offer multiple independent LAN side
> ports. So, you build your own. It's not that bad and makes sense in
> some situations.
>
>>oh, a side question - does the router stay connected to the internet
>>permanently? what happens if the line drops for whatever reason?
>
> That depends on the router. If you have to deal with a login/password
> abomination commonly found in PPPoE connections, there's usually a box
> labelled something like "keep alive" or "auto-reconnect". Some have a
> timeout setting which is suppose to disconnect you after xxx number of
> minutes. Setting it to zero disables the timer. Most of the current
> models have some method of staying on or logging back in. These are
> generally un-necessary as most Windoze clients are so "noisy", that
> any packet that needs to access the interknot, will bring up the
> connection. Not a problem.
>
>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558

On Tue, 9 Nov 2004 18:26:30 -0500, "Alan White"
<(E-Mail Removed)> wrote:

>If neither machine enable file and print sharing, and didn't configure any
>network settings, they wouldn't see each other.

True. However if you configure both for tcp/ip, then you can ping
each machine even if file and print sharing is enabled. If I can
ping, I can play other tricks. However, if you turn on the Windoze XP
firewall, and do NOT exclude anything, you can be quite invisible and
still surf the web. If you don't have XP, try ZoneAlarm, Kerio,
Norton Firewall, or similar personal firewall.

>I don't think that setting up with 2 routers in tandem would accomplish
>much. Computers connected to the 1st router could see each other if they
>enabled file and print sharing and shared some files. Similarly for
>computers connected to the 2nd router.

Have you tried it? I have, with a coffee shop network. To go
anywhere, the 2nd LAN has all its packets routed through the 2nd
router to the first router via the default route (which points to the
first routers IP address). If I try to ping something from the 2nd
LAN to one of the computahs on the first LAN, the packets will try to
get there via the default route and never hit the other computahs.

Similarly, going from the 1st LAN to the 2nd isn't possible because
the only IP address that's visible from the 1st LAN is the "WAN" side
IP address of the 2nd router. There's no route to the individual
computahs on the 2nd LAN.

However, I'll admit that I didn't do a very exhaustive test while the
coffee shop owner was pelting me with questions. Therefore, I'm not
100.0% sure that I'm right. I have enough junk here at my house to
set it up again and try it (if I feel inspired and after I finish some
billing).

>But those connected to the 1st router would ordinarily be blocked from those
>on the 2nd (built in NAT does that), but those on the 2nd could see those on
>the 1st if networked and file and print sharing enabled.

That depends on the netmask on the WAN side of the 2nd router. With
255.255.255.0 on the 2nd router, one would see all the computahs on
the 1st LAN from the 2nd LAN. However, if I use a much smaller
netmask, and insure that only the 1st routers IP address is inside the
netwmask range, the other computahs in the 1st LAN will be invisible.

Digging out the subnet calculator.... If the IP address of the 1st
router's LAN side is 192.168.1.1, then for 6ea IP addresses (including
broadcast), I would use an IP address of 192.168.1.2 for the "WAN"
side of the 2nd router. As long as the IP address of the workstations
in the 1st LAN are *NOT* 192.168.1.3 -> 192.168.1.5, they would be
invisible from the 2nd LAN.

Note: I still prefer a single box acting as a multiport router using
FreeSCO.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558