On 12 Nov 2004 02:26:17 -0800,
(E-Mail Removed) (Robert Frost) wrote:
>Chuck <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
>> On 11 Nov 2004 08:59:12 -0800, *email_address_deleted* (Robert Frost) wrote:
>>
>> >I have 3 computers running xp networked via a netgear wireless router.
>> >
>> >I have a wireless laptop also running xp which connects perfectly to
>> >the lan via a wireless link to the netgear router and can access files
>> >on the other computers.
>> >
>> >I have a separate building in which there is a linksys wireless router
>> >which is connected by ethernet cable to the 4th port on the netgear
>> >router and is intended purely as a wireless access point. This works
>> >fine for internet access but will not allow the laptop to access the
>> >lan. Presumably this is because of a firewall in the linksys.
>> >
>> >The netgear router can see the linksys and gives it IP and MAC
>> >addresses.
>> >
>> >How can I get into the linksys to turn the firewall off?
>>
>> Robert,
>>
>> Not all NAT routers contain firewalls. And those that do, do not firewall
>> outgoing traffic. If your laptop, connected to the Linksys, needs to access the
>> LAN on the Netgear, it's creating outgoing traffic thru the Linksys, which is
>> not filtered.
>>
>> I'll bet your problem is caused by subnetting. To use the Linksys as a WAP, you
>> need to:
>> 1) Login to the Linksys, and disable the DHCP server.
>> 2) Change the Linksys LAN port address to something on the same subnet as the
>> Netgear LAN - but outside the Netgear DHCP scope.
>> 3) Connect the Linksys to the Netgear thru LAN ports on both.
>> 4) If the laptop is set up as a DHCP client, and the Netgear LAN is on DHCP, the
>> laptop should connect, and should be able to access any of its peers on your one
>> LAN. If the Netgear LAN is (hopefully) using fixed ip addresses, assign an
>> appropriate address to the laptop.
>>
>> But please don't stop there - using DHCP on a wireless LAN exposes all the
>> computers, wired and wireless.
>>
>> Here's a story about somebody's very stupid wireless neighbor. Don't expect all
>> wireless neighbors to be this stupid.
>> <http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.
>>
>> The point is, you need to protect a wireless LAN with more precautions than just
>> the NAT firewall.
>>
>> Change the router management password, and disable remote (WAN) management.
>>
>> Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
>> has fleas").
>>
>> Enable MAC filtering.
>>
>> Change the subnet of your LAN - don't use the default.
>>
>> Disable DHCP, and assign an address to each computer manually.
>>
>> Install a software firewall on every computer connected to a wireless LAN. Put
>> manually assigned ip addresses in the Local (highly trusted) Zone. Configure
>> the firewall to allow file sharing only in the Local Zone.
>>
>> Don't disable SSID broadcast - some configurations require the SSID broadcast.
>> But change the SSID itself - to something that doesn't identify you, or the
>> equipment.
>>
>> Enable the router activity log. Examine it regularly. Know what each
>> connection listed represents - you? a neighbor?
>>
>> Use non-trivial accounts and passwords on every computer connected to a wireless
>> LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
>> here). Rename Administrator, to a non-trivial value, and give it a non-trivial
>> password. Never use the Administrator renamed account for day to day
>> activities, only when intentionally doing administrative tasks.
>>
>> Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
>> microsoft.public.windows.networking.wireless are good places to start.
>>
>> Cheers,
>> Chuck
>
>
>Thanks Chuck. That's a whole heap of advice. I discovered last night
>there is no firewall in the linksys. As you are right about that I'll
>assume you are right about all the rest. Many thanks.
Robert,
MP. Good luck and stay safe.
Cheers,
Chuck
--
Paranoia comes from experience - and is not necessarily a bad thing.
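
The addressing rules in steps 1-4 of the quoted advice (second router on the same subnet as the primary router's LAN, outside its DHCP scope, with manually assigned addresses kept clear of that scope) can be checked before any device is reconfigured. This is an added example, not part of the original thread; the function name `check_wap_plan` and every address in it are constructed for illustration.

```python
import ipaddress

def check_wap_plan(router_lan, dhcp_first, dhcp_last, ap_addr, static_hosts=()):
    """Return a list of problems in an addressing plan (empty list = plan is OK).

    router_lan   -- primary router LAN address with prefix, e.g. "192.168.37.1/24"
    dhcp_first, dhcp_last -- DHCP scope served by the primary router
    ap_addr      -- LAN address planned for the second router used as a WAP
    static_hosts -- (name, address) pairs for manually addressed computers
    """
    iface = ipaddress.ip_interface(router_lan)
    net = iface.network
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems = []
    if lo > hi or lo not in net or hi not in net:
        problems.append("DHCP scope is not a valid range inside the LAN subnet")
    seen = {iface.ip: "primary router"}
    for name, addr in [("access point", ap_addr), *static_hosts]:
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            # Different subnet: wireless clients cannot reach their LAN peers.
            problems.append(f"{name} {ip} is not on {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is the network or broadcast address")
        if lo <= ip <= hi:
            # The DHCP server may hand this address to another client.
            problems.append(f"{name} {ip} is inside the DHCP scope")
        if ip in seen:
            problems.append(f"{name} {ip} duplicates the {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    # Constructed sample plan: non-default subnet, scope .100-.149, AP at .2.
    hosts = [("desktop", "192.168.37.10"), ("laptop", "192.168.37.120")]
    issues = check_wap_plan("192.168.37.1/24", "192.168.37.100",
                            "192.168.37.149", "192.168.37.2", hosts)
    for line in issues or ["plan is consistent"]:
        print(line)
```
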