2 Private networks to share one broadband connection

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I want to have a parents' network and a children's network at home which are
conpletely invisible to each other.

I have XP pro on the two machines I want on one network and XP home on the
other two networked machines. Can I do this with one router and controlled
permissions?
--
self built
MSI Radeon chipset m/b w. 512mb
Athlon 64 3000+
Leadtek PVR2000 analog tuner
WMCE 2005
 
In phillipo <[email protected]> had this to say:

My reply is at the bottom of your sent message:
I want to have a parents' network and a children's network at home
which are conpletely invisible to each other.

I have XP pro on the two machines I want on one network and XP home
on the other two networked machines. Can I do this with one router
and controlled permissions?
Click to expand...

Yes.

Galen

Okay, I was going to leave it as that. I figure I'll give you a bigger hint
than that though. On the Pro boxes disable simple file sharing, then set the
permissions for it. Establish a group, say adults, and allow them access to
the shared files. Disallow the kids group access. To disable simple file
sharing open Windows Explorer, click tools, options, view, scroll way down
to the bottom, disable simple file sharing should be ticked by default -
untick it.

Galen
--

"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."

Sherlock Holmes
 
I want to have a parents' network and a children's network at home which are
conpletely invisible to each other.

I have XP pro on the two machines I want on one network and XP home on the
other two networked machines. Can I do this with one router and controlled
permissions?
Click to expand...

No. Permissions can't make a machine invisible. At best, they can
make a machine visible but inaccessible. But XP Home doesn't support
permissions for network shares -- only XP Pro does.

For complete isolation and invisibility between the networks, get two
more routers (they're inexpensive) and connect the Internet (WAN) port
of each new router to a LAN port of the old router. Connect the kids
to one new router, and connect the parents to the other new router.

Make sure that the new routers use a different TCP/IP subnet than the
old one for their local area network addresses. For example, if the
old router uses 192.168.1.x, use 192.168.0.x on the new ones.

I use exactly that setup at home. The main network is for my
computers and my wife's computer. The second network is for clients'
computers that I'm working on, which might be infected with viruses
and spyware and can't be trusted to connect to the main network.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Hi

As mentioned above, Network Segregation is the solution and it can be achieved with an
additional Router (less than $20).

The order of the Networks Installation can make a difference too.

Install the less secure Network (I.e. the kids) directly to the Internet Modem.

The Network that needs to be more secure goes second. Doing so will add protection to
the more important network (Double NAT) and will allow you to configure local access to
the Kids Network but will block access from the first Network to the second.

Network Segregation - http://www.ezlan.net/shield.html

Jack (MVP-Networking).
 
Thanks a lot for replies.

Can I avoid having three routers by daisy chaining? I don't need either
network to be able to see the other. It's two networks simply sharing one
ADSL connection.
 
Thanks a lot for replies.

Can I avoid having three routers by daisy chaining? I don't need either
network to be able to see the other. It's two networks simply sharing one
ADSL connection.
Click to expand...

Making two networks completely invisible to each other requires three
routers.

If you daisy chain two routers (ADSL -> Router #1 -> Router #2),
computers on Router #2 will be able to access computers on Router #1
(but not vice versa).
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Thanks - only half a solution then.... Actually I think I'm Ok with the
networks being visible but inaccessible.

The problem is that the 'kids' network is on XP home edition. Can it be done
with 'Home' ?
 
Thanks - only half a solution then.... Actually I think I'm Ok with the
networks being visible but inaccessible.
Click to expand...

Here are steps that you can take on the XP Pro machines to make them
visible but inaccessible to XP Home with one or two routers:

1. Un-share all shared disks and folders.
2. Disable simple file sharing.
3. Re-share all shared disks and folders.
4. Create matching user accounts on the XP Pro machines -- same user
name and password.
5. Don't set up those accounts on XP Home.
The problem is that the 'kids' network is on XP home edition. Can it be done
with 'Home' ?
Click to expand...

XP Home grants networked access to all users and doesn't support
disabling simple file sharing.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
XP Home grants networked access to all users and doesn't support
disabling simple file sharing.
--
Click to expand...
So, finally, the Home machines cannot be made inaccessible from the Pro
machines if on the same router? You can't create a different workgroup which
is private - the Pro machines will be able to read the Home machines
files.... right?
 
So, finally, the Home machines cannot be made inaccessible from the Pro
machines if on the same router? You can't create a different workgroup which
is private - the Pro machines will be able to read the Home machines
files.... right?
Click to expand...

Workgroups don't provide any type of security or access control. A
computer in any workgroup can access a computer in any other
workgroup. Workgroups serve no useful purpose in Windows XP.

XP Home grants networked access to all users on all computers on the
physical network. The only supported security measures are:

1. Create a network password for the Guest account. Anyone who wants
to access the XP Home computer will have to enter that password. To
create a network password for the Guest account:

a. Click Start | Run.
b. Type "control userpasswords2" in the box and click OK:
c. Click Guest.
d. Click Reset Password.
e. Enter a new password.

2. Hide a shared disk or folder by putting a dollar sign at the end of
its share name (e.g. DATA$). A hidden share doesn't appear in My
Network Places on any computer. Only someone who knows the name of
the hidden share can access it.

Broadband routers are commonly available for less than $30 (after
rebates) at computer and office supply stores in the US. Unless you
really enjoy the technical challenges of other setups, I recommend
going with the 3-router setup (or the 2-router setup that can protect
one group of computers from access by the other group) and being done
with this.

There are some security measures available for XP Home that aren't
documented, tested, or supported by Microsoft. I haven't tried them
don't know if they're safe or if they work, and can't answer questions
about them. If you're interested in trying them, at your own risk,
search this news group for information on:

1. Disabling simple file sharing and setting share permissions in Safe
mode.

2. Using the "cacls" command to set share permissions.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
I'm very grateful for your very knowledgable advice.
Right on the money!

All the best
Phil
London UK
 
I'm very grateful for your very knowledgable advice.
Right on the money!

All the best
Phil
London UK
Click to expand...

You're welcome. Does that mean that you've come up with a solution?
If so, please post another news group message and tell us what it is.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
This is an older thread, but I recently ran into a related problem and don't
understand why...

The apartment building where my daughter lives provides wired ethernet
broadband to it's renters. I have determined (by direct observation of the
equipment) that the building is getting it's Internet access via cable, and
is using a NAT router (192.168.1.x) with a switch and DHCP to distribute
access to each unit.

My daughter and apartment mate have a Linux based desktop (to tinker with
Linux) and each has a notebook running XP Pro SP2 (they are college
students). They wanted to hook up the desktop via wired ethernet, and the
notebooks via wireless within the apartment.

I set up an inexpensive Belkin wireless NAT router/switch/DHCP (192.168.0.x)
off the apartment's ethernet jack. That is, we now had NAT behind NAT,
isolating their apartment's network from the rest of the building.

Web access was *really* slow going through both routers, but it worked for
the Linux PC and the two XP notebooks (wired and wireless).

I have a notebook that is an identical model to my daughter's. I had a
*terrible* time browsing the web from my notebook. I could always access a
few specific web pages, and nothing else. Yet, if I connected my notebook
directly the building's router (by-passing the apartment router), everything
worked great.

I changed my TCP/IP settings to those identical to her notebook (automatic
IP & DNS and nothing else); it didn't help. The ONLY difference between the
notebooks that I could determine is her apartment mate's notebook wasn't
assigned to either a workgroup or domain, my daughter's was assigned to the
workgroup used by our home network, and my notebook as assigned to the NT
domain used by my employer (although I don't login at work or anywhere else
via the domain, but to a local admin level account (not THE administrator
account) - the domain designation is there to access network drives while at
work).

Any ideas what is going on within the Windows networking parameters that
would cause my notebook to fail on most web sites?

By the way, one more clue is that I noticed my browser was apparently
resolving the IP address for many URLs as 169.254.1.1. I know this is a
private IP address and the reason for the page not found, but why would DNS
work for only some pages? And sometimes I could reach a top page at a site,
but not other links within the same site.

Jim
 
Johnson - Serenity Consulting
This is an older thread, but I recently ran into a related problem and don't
understand why...

The apartment building where my daughter lives provides wired ethernet
broadband to it's renters. I have determined (by direct observation of the
equipment) that the building is getting it's Internet access via cable, and
is using a NAT router (192.168.1.x) with a switch and DHCP to distribute
access to each unit.

My daughter and apartment mate have a Linux based desktop (to tinker with
Linux) and each has a notebook running XP Pro SP2 (they are college
students). They wanted to hook up the desktop via wired ethernet, and the
notebooks via wireless within the apartment.

I set up an inexpensive Belkin wireless NAT router/switch/DHCP (192.168.0.x)
off the apartment's ethernet jack. That is, we now had NAT behind NAT,
isolating their apartment's network from the rest of the building.

Web access was *really* slow going through both routers, but it worked for
the Linux PC and the two XP notebooks (wired and wireless).

I have a notebook that is an identical model to my daughter's. I had a
*terrible* time browsing the web from my notebook. I could always access a
few specific web pages, and nothing else. Yet, if I connected my notebook
directly the building's router (by-passing the apartment router), everything
worked great.

I changed my TCP/IP settings to those identical to her notebook (automatic
IP & DNS and nothing else); it didn't help. The ONLY difference between the
notebooks that I could determine is her apartment mate's notebook wasn't
assigned to either a workgroup or domain, my daughter's was assigned to the
workgroup used by our home network, and my notebook as assigned to the NT
domain used by my employer (although I don't login at work or anywhere else
via the domain, but to a local admin level account (not THE administrator
account) - the domain designation is there to access network drives while at
work).

Any ideas what is going on within the Windows networking parameters that
would cause my notebook to fail on most web sites?

By the way, one more clue is that I noticed my browser was apparently
resolving the IP address for many URLs as 169.254.1.1. I know this is a
private IP address and the reason for the page not found, but why would DNS
work for only some pages? And sometimes I could reach a top page at a site,
but not other links within the same site.

Jim
Click to expand...

Optimizing some settings on the Belkin router and/or notebook
computers could fix the slow-browsing and no-browsing problems. See
these web sites for more information:

http://www.dslreports.com/tweaks
http://www.dslreports.com/drtcp

Workgroup and domain membership have no effect on Internet access.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Back
Top