Advise needed on adding wireless access

Discussion in 'Home Networking' started by newsbenny2, Apr 6, 2005.

  1. newsbenny2

    newsbenny2 Guest

    I currently have a fixed wired installation at home. The broadband
    comes via a cable modem which is attached to a NAT router which then
    carries connections to various rooms in the house. There are a couple
    of Windows desktop machines and a Linux web/file/mail server connected
    at all times. I've configured the NAT router so that only the web &
    mailservers are open to the outside world.

    The wife now wants WiFi - not just for ourselves, but to allow visitors
    to surf on their own PCs.

    Now, if I just attach a wireless access point to the NAT router, I'm
    going to make all our internal windows/samba shares visible to any
    attached computer, right? (The samba shares are all user/password
    protected, the windows shares I'm not too sure about). Plus I don't
    like the idea of our internal network traffic being potentially
    sniffable.

    But if I put another NAT router between the cable modem and the
    existing NAT router, and attach the wireless access point to this (the
    new NAT router) then I've screwed any chance of share access to our own
    (non-visitor) wireless PCs.

    So, what's the solution here? Do I need 2 wireless access points? One
    for internal users and one for visitors? Or is there some fancy
    technology to let me achieve what I want with just the one?

    Thanks in advance for all advice.

    Best regards, Ralph.
     
    newsbenny2, Apr 6, 2005
    #1
    1. Advertisements

  2. newsbenny2

    Conor Turton Guest

    THe "double NAT" way is frought with problems. Change your router for
    something like a F5D7230-4 Belkin Wireless Router with 4 LAN ports. The
    Belkin router allows you to set access/deny by IP address for all
    services individually.

    Mine does it on:

    WWW HTTP, TCP Port 80, 3128, 8000, 8080, 8001
    E-mail Sending SMTP, TCP Port 25
    News Forums NNTP, TCP Port 119
    E-mail Receiving POP3, TCP Port 110
    Secure HTTP HTTPS, TCP Port 443
    File Transfer FTP, TCP Port 21
    MSN Messenger TCP Port 1863
    Telnet Service TCP Port 23
    AIM AOL Instant Messenger, TCP Port 5190
    NetMeeting H.323, TCP Port 1720
    DNS UDP Port 53
    SNMP UDP Port 161, 162
    VPN-PPTP TCP Port 1723
    VPN-L2TP UDP Port 1701
    TCP All TCP Port
    UDP All UDP Port

    ...as well as user defined ports.
     
    Conor Turton, Apr 6, 2005
    #2
    1. Advertisements

  3. newsbenny2

    NBT Guest

    1 WAP
    1 Router
    Give all home users Static IP's, allow DHCP for visitors over small IP
    range.
    S/ware firewalls on all Home machines with home users in a "Trusted"
    zone which allows sharing and all other IP's in a "Blocked" zone.
    Make sure wireless system is encrypted and "Key" is changed frequently
    (bear in mind that visitors allowed to use your network will have it's
    details stored on their machines when they leave)
    Make sure all "Shares" are password protected.

    NBT
     
    NBT, Apr 6, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.