Network isolation

Discussion in 'Windows Networking' started by Zyggy, Sep 12, 2006.

  1. Zyggy

    Zyggy Guest

    I have a workgroup network consisting of all XP pro machines. There is one
    machine that is the print server, acting as the host to a busy laserjet via
    a USB connection. However, of these computers, there is one machine that is
    semi-public. I want this public machine to be able to connect to the print
    server but NOT to any of the remaining private machines. In other words,
    when someone browses Network Places on this public machine, all they see is
    this print server. I may put a shared folder on this server to be accessible
    from the public computer, but the server primarily will act as the print
    server for the shared laserjet for the entire network -- public and private.

    All the machines have simple file sharing to make things easier to manage.
    However because of Simple File Sharing, the public machine can see all the
    other computers. I am thinking of segmentalize the network into two
    subnetworks at the IP level instead of at the Application level. Can I
    achieve this by putting a second NIC in the print server and give it a
    different subnet, one that is the same as the public machine's, but
    different than that of the private network?

    Example:

    Public machine gets 192.168.1.2/24
    Print server NIC1 gets 192.168.1.3/24 and NIC2 gets 192.168.2.2/24
    All the rest of the machines in the private network get 192.168.2.x/24

    So as long as I do not bridge the two NICs in the print server, I can
    completely prevent the public computer from even seeing the private
    computers, right? What are the chances of a package leak from one NIC to the
    other given that they have different subnets?
     
    Zyggy, Sep 12, 2006
    #1
    1. Advertisements

  2. In your example you've actually changed the IP address of each network. One
    is in 192.168.1.xxx space and the other is in 192.168.2.xxx space the
    subnets/24 are the same.

    David Hettel
    MVP Mobile Devices
     
    David Hettel MVP MobileDevices, Sep 12, 2006
    #2
    1. Advertisements

  3. The solution is to stop using "Simple File Sharing. It is just that simple
    (no pun intended).

    Seeing machines in NetPlaces it pointless to worry about. Netplaces is just
    a "display" of what is contained in a "browse list" maintained by the Master
    Browser. It has nothing to do with permissions or "access" and it a total
    waiste of time to worry about machines showing in it.

    What *is* worth worrying about is the permissions on Shares (Share-Level
    Premissions) and the files & folders in those shares (NTFS Permissions). So
    stop using Simple File Sharing and make the sure the Share-Level Permissions
    and the NTFS Permissions are what they should be and the problem is solved.
     
    Phillip Windell, Sep 12, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.