Sharing internet but not files on Wifi

I have often enjoyed the 'hospitality' of others by surfing the web on their
wifi networks, and therefore wish to reciprocate so that anyone can surf on
my network. I do not, however, wish to compromise my security.

Is it possible to allow open access to the internet through my network while
restricting access to shared files so that they are only accessible to
authorised users?

Thanks

Yes it is possible, to setup your network this way. Basically you set your
access point up without security, and set to broadcast the SSID. Then you
set your computers up to require a user name and a password. Note that
because any and all have access to your wireless connection that this will
make it easier to crack the security on your computers. Be sure to disable
the anyone account, and on windows XP go to My Computer | Tools | Folder
Options | View | and in the Advance settings box scroll to the bottom and
uncheck "use simple file sharing (Recommended) for each folder shared with a
hand under it.

--
David Hettel

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

DISCLAIMER: This posting is provided "AS IS" with no warranties, and
confers no rights

"Deejay" <(E-Mail Removed)> wrote in message
news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
>I have often enjoyed the 'hospitality' of others by surfing the web on
>their
> wifi networks, and therefore wish to reciprocate so that anyone can surf
> on
> my network. I do not, however, wish to compromise my security.
>
> Is it possible to allow open access to the internet through my network
> while
> restricting access to shared files so that they are only accessible to
> authorised users?
>
> Thanks

"Deejay" <(E-Mail Removed)> wrote in message
news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
>I have often enjoyed the 'hospitality' of others by surfing the web on
>their
> wifi networks, and therefore wish to reciprocate so that anyone can surf
> on
> my network. I do not, however, wish to compromise my security.
>
> Is it possible to allow open access to the internet through my network
> while
> restricting access to shared files so that they are only accessible to
> authorised users?
>
> Thanks

The way I do that is to configure the XP SP2 Windows Firewall so only
specific IP addresses on my home LAN can access each other. That is
configured as a custom address scope for File & Print Sharing.

http://theillustratednetwork.mvps.or...ustomScope.JPG

Of course this means using static IP addresses on your LAN. In the case of
my laptop my router assigns an IP based on its MAC Address, a pseudo static
IP so to speak. In the example, this is on my desktop PC, the allowed
addresses are as follows..

10.8.0.12 wife's desktop
10.8.0.31 remote OpenVPN client PC #1
10.8.0.32 remote OpenVPN client PC #2
10.8.0.101 my laptop

http://theillustratednetwork.mvps.or...NetworkLAN.htm

With that scheme guests can access my home LAN and the public internet,
after I give them the appropriate WPA key of course, but not access shared
files/folders on my desktop PCs.

By the way I always run my laptop so the XP SP2 Windows Firewall is
configured for NO exceptions. I basically set-it-and-forget-it. That way I
am protected while away from home and connected to open wireless hotspots.
If I need to get a file from a desktop to my laptop I initiate the file
transfer from my laptop...

http://theillustratednetwork.mvps.or...Exceptions.JPG

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

Thanks for the reply. I cannot find 'use simple file sharing' in the View,
Advanced scroll box. I have XP Home. Is that the reason?

"David Hettel" wrote:

> Yes it is possible, to setup your network this way. Basically you set your
> access point up without security, and set to broadcast the SSID. Then you
> set your computers up to require a user name and a password. Note that
> because any and all have access to your wireless connection that this will
> make it easier to crack the security on your computers. Be sure to disable
> the anyone account, and on windows XP go to My Computer | Tools | Folder
> Options | View | and in the Advance settings box scroll to the bottom and
> uncheck "use simple file sharing (Recommended) for each folder shared with a
> hand under it.
>
> --
> David Hettel
>
> Please post any reply as a follow-up message in the news group
> for everyone to see. I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>
> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> confers no rights
>
> "Deejay" <(E-Mail Removed)> wrote in message
> news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
> >I have often enjoyed the 'hospitality' of others by surfing the web on
> >their
> > wifi networks, and therefore wish to reciprocate so that anyone can surf
> > on
> > my network. I do not, however, wish to compromise my security.
> >
> > Is it possible to allow open access to the internet through my network
> > while
> > restricting access to shared files so that they are only accessible to
> > authorised users?
> >
> > Thanks
>
>
>

It appears that your solution is to grant individual access even for the web.
Ideally, I wish web access through my network to be free for all but access
to shared files only to the computers within my home.

"Sooner Al [MVP]" wrote:

> "Deejay" <(E-Mail Removed)> wrote in message
> news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
> >I have often enjoyed the 'hospitality' of others by surfing the web on
> >their
> > wifi networks, and therefore wish to reciprocate so that anyone can surf
> > on
> > my network. I do not, however, wish to compromise my security.
> >
> > Is it possible to allow open access to the internet through my network
> > while
> > restricting access to shared files so that they are only accessible to
> > authorised users?
> >
> > Thanks
>
> The way I do that is to configure the XP SP2 Windows Firewall so only
> specific IP addresses on my home LAN can access each other. That is
> configured as a custom address scope for File & Print Sharing.
>
> http://theillustratednetwork.mvps.or...ustomScope.JPG
>
> Of course this means using static IP addresses on your LAN. In the case of
> my laptop my router assigns an IP based on its MAC Address, a pseudo static
> IP so to speak. In the example, this is on my desktop PC, the allowed
> addresses are as follows..
>
> 10.8.0.12 wife's desktop
> 10.8.0.31 remote OpenVPN client PC #1
> 10.8.0.32 remote OpenVPN client PC #2
> 10.8.0.101 my laptop
>
> http://theillustratednetwork.mvps.or...NetworkLAN.htm
>
> With that scheme guests can access my home LAN and the public internet,
> after I give them the appropriate WPA key of course, but not access shared
> files/folders on my desktop PCs.
>
> By the way I always run my laptop so the XP SP2 Windows Firewall is
> configured for NO exceptions. I basically set-it-and-forget-it. That way I
> am protected while away from home and connected to open wireless hotspots.
> If I need to get a file from a desktop to my laptop I initiate the file
> transfer from my laptop...
>
> http://theillustratednetwork.mvps.or...Exceptions.JPG
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>

Correct, Windows XP Home does not have the same networking features as XP
Pro. Another option for added security would be to purchase a second
wireless router, that would have security setup on it, for your network.
Router 1 would be directly connected to your hi-speed connection and would
provide free access to the Internet, it can be inexpensive, set it up to put
router 2 in the DMZ. Router 2 should have a firewall, and it's firewall will
protect you from the public on the internet, as well as anyone logged into
your free access point.

Cable/DSL Modem
|
Wireless router 1 open no security IP range 192.168.2.1
|
Wireless router 2 Secure IP range 192.168.2.1

--
David Hettel

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

DISCLAIMER: This posting is provided "AS IS" with no warranties, and
confers no rights

"Deejay" <(E-Mail Removed)> wrote in message
news:7763DEEA-FD98-4FDC-843D-(E-Mail Removed)...
> Thanks for the reply. I cannot find 'use simple file sharing' in the View,
> Advanced scroll box. I have XP Home. Is that the reason?
>
> "David Hettel" wrote:
>
>> Yes it is possible, to setup your network this way. Basically you set
>> your
>> access point up without security, and set to broadcast the SSID. Then you
>> set your computers up to require a user name and a password. Note that
>> because any and all have access to your wireless connection that this
>> will
>> make it easier to crack the security on your computers. Be sure to
>> disable
>> the anyone account, and on windows XP go to My Computer | Tools | Folder
>> Options | View | and in the Advance settings box scroll to the bottom and
>> uncheck "use simple file sharing (Recommended) for each folder shared
>> with a
>> hand under it.
>>
>> --
>> David Hettel
>>
>> Please post any reply as a follow-up message in the news group
>> for everyone to see. I'm sorry, but I don't answer questions
>> addressed directly to me in E-mail or news groups.
>>
>> Microsoft Most Valuable Professional Program
>> http://mvp.support.microsoft.com
>>
>> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
>> confers no rights
>>
>> "Deejay" <(E-Mail Removed)> wrote in message
>> news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
>> >I have often enjoyed the 'hospitality' of others by surfing the web on
>> >their
>> > wifi networks, and therefore wish to reciprocate so that anyone can
>> > surf
>> > on
>> > my network. I do not, however, wish to compromise my security.
>> >
>> > Is it possible to allow open access to the internet through my network
>> > while
>> > restricting access to shared files so that they are only accessible to
>> > authorised users?
>> >
>> > Thanks
>>
>>
>>

"Deejay" <(E-Mail Removed)> wrote in message
news:5DF9A4FE-3B87-4796-9998-(E-Mail Removed)...
> It appears that your solution is to grant individual access even for the
> web.
> Ideally, I wish web access through my network to be free for all but
> access
> to shared files only to the computers within my home.
>
> "Sooner Al [MVP]" wrote:
>
>

If you want unlimited free access to the public internet through your home
wireless router then simply disable any security your using, ie. WPA or WEP.
Personally I advise against that...

The way I read your original post is you want unlimited access to the public
internet through your home wireless router for guests but block those guests
from accessing shared files/folders on your personal PCs, correct? If so
then the firewall scheme I gave you will do that as long as you turn
off/disable encryption.

Otherwise David's suggestion about a second router would work as would a new
router that supports multiple Virtual LANs (VLANS)...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

Hi

The best way (as mentioned by David above) is to segregate your Network,
given the current price of Wireless Cable/DSL Routers it is a good
investment. http://www.ezlan.net/segregation.html

Otherwise, use Software Firewall on each computer; assign static IP to each
computer on your Network within a given band (like 192.168.100.1 to
192.168.100.x ).

Assign another band with DHCP for guests (like 192.168.20.1 to
192.168.20.x).

Put your static band into the Trusted Zone of the Software Firewall on each
computer.

Voila, Guests would be able to access the Internet, but will be "banned"
from your computers.

Jack (MVP-Networking).



"Deejay" <(E-Mail Removed)> wrote in message
news:3975858E-5118-4A4B-B401-(E-Mail Removed)...
>I have often enjoyed the 'hospitality' of others by surfing the web on
>their
> wifi networks, and therefore wish to reciprocate so that anyone can surf
> on
> my network. I do not, however, wish to compromise my security.
>
> Is it possible to allow open access to the internet through my network
> while
> restricting access to shared files so that they are only accessible to
> authorised users?
>
> Thanks

Jack (MVP-Networking). <(E-Mail Removed)> wrote:

<snip>

> Otherwise, use Software Firewall on each computer; assign static IP to each
> computer on your Network within a given band (like 192.168.100.1 to
> 192.168.100.x ).
>
> Assign another band with DHCP for guests (like 192.168.20.1 to
> 192.168.20.x).
>
> Put your static band into the Trusted Zone of the Software Firewall on each
> computer.
>
> Voila, Guests would be able to access the Internet, but will be "banned"
> from your computers.

In that case, can a guest not just assign themselves a ip-address from
the static band and gain access?