how to configure LAN settings?

B

breeze

we have small Lan 4 box, 2 box-win XP Home ed., 2 box -win XP Profes.
Lan connected to switch, and switch connected to router. We have no access
to this router. There are also another's groups which get internet
connection from this router(they icons are visible in My Network Places) Our
Lan must be fully inaccessible to them and for others WAN, disable
file/print sharing for connections coming into our LAN(outside connections),
if this occurs.
 
R

Ron Lowe

breeze said:
we have small Lan 4 box, 2 box-win XP Home ed., 2 box -win XP Profes.
Lan connected to switch, and switch connected to router. We have no access
to this router. There are also another's groups which get internet
connection from this router(they icons are visible in My Network Places)
Our
Lan must be fully inaccessible to them and for others WAN, disable
file/print sharing for connections coming into our LAN(outside
connections),
if this occurs.
Click to expand...


If you have no access to the network beyond your local switch, then the most
secure thing you could do is buy a hardware firewall device and connect it
in-line from the switch to the upstream router.
 
R

Ron Lowe

breeze said:
we have small Lan 4 box, 2 box-win XP Home ed., 2 box -win XP Profes.
Lan connected to switch, and switch connected to router. We have no access
to this router. There are also another's groups which get internet
connection from this router(they icons are visible in My Network Places)
Our
Lan must be fully inaccessible to them and for others WAN, disable
file/print sharing for connections coming into our LAN(outside
connections),
if this occurs.
Click to expand...


Sorry, hit 'send' too early.

If you have no access to the network beyond your local switch, then the most
secure thing you could do is buy a hardware firewall device and connect it
in-line from the switch to the upstream router.

An alternative would be to use a software firewall and specify the IP
address range your PCs are using as local.
For example, if all your machines have SP2, you can go to the firewall,
ensure it is enabled, turn on the exception for File and Print sharing,
select Edit, and Change Scope.

The problem I forsee here is that the router is allocating IP addresses in
the same subnet to your group and the other group. So it may be difficult
to nail down the correct scope.

So unless you are able to nail down the exact IP addresses your machines are
always going to be using, this may not be easy.

That's why I'd be inclined to use a hardware firewall box.
It's easier to define local traffic when you can say 'everything on that
port is local', and 'everything on that port is the outside world'.
 
B

breeze

And what if not all machines have SP2(though windows firewall have all XP
machines)?
I can find local IP adress of each machine. Once I tried set firewall for
our machines, but these cause some problems with file and printer sharing in
our PCs(though, it past we have one machine Win 98 in our LAN. Now all have
XP) If try use windows XP firewall: there should be specified IP of each
machine, not IP range, there no range numbers). Where this IP selectors?

Firewall is turned on my box, default settings, (checked ' File and printer
sharing', Remote assistance; 'UPnP Framework')

Thanks,
breeze
 
B

breeze

And what if not all machines have SP2(though windows firewall have all XP
machines)?
I can find local IP adress of each machine. Once I tried set firewall for
our machines, but these cause some problems with file and printer sharing in
our PCs(though, it past we have one machine Win 98 in our LAN. Now all have
XP) If try use windows XP firewall: there should be specified IP of each
machine, not IP range, there no range numbers). Where this IP selectors?

Firewall is turned on my box, default settings, (checked ' File and printer
sharing', Remote assistance; 'UPnP Framework')

Thanks,
breeze
 
R

Ron Lowe

breeze said:
And what if not all machines have SP2(though windows firewall have all XP
machines)?
I can find local IP adress of each machine. Once I tried set firewall for
our machines, but these cause some problems with file and printer sharing
in our PCs(though, it past we have one machine Win 98 in our LAN. Now all
have XP) If try use windows XP firewall: there should be specified IP of
each machine, not IP range, there no range numbers). Where this IP
selectors?

Firewall is turned on my box, default settings, (checked ' File and
printer sharing', Remote assistance; 'UPnP Framework')

Thanks,
breeze
Click to expand...



Only the firewall on SP2 is configurable enough to do this.
The ICF firewall pre-SP2 would block file and print sharing.

How to set the IP range:

On an SP 2 machine, Go to the firewall;
Exceptions tab;
Highlight File And Print Sharing;
Edit button;
Change Scope button.

If your LAN has a mixture of machines, I'd recommend a hardware solution.
One device protects the whole LAN.
 
B

breeze

Need I change scope for each subnet: TCP 139, TCP 445, UDP 137, UDP 138 or
for TCP 139 only?
There was selected "My network(subnet) only" -does this mean sharing
accessible for any PCs outside our Lan, if these machines are connected to
router?

"Custom list": should i specify just IP like 192.168.114.201 or with mask
192.168.114.201/255.255.255.0 ? There are shown unclear sample.

Thanks,
breeze
========================
 
R

Ron Lowe

breeze said:
Need I change scope for each subnet: TCP 139, TCP 445, UDP 137, UDP 138 or
for TCP 139 only?
There was selected "My network(subnet) only" -does this mean sharing
accessible for any PCs outside our Lan, if these machines are connected to
router?

"Custom list": should i specify just IP like 192.168.114.201 or with mask
192.168.114.201/255.255.255.0 ? There are shown unclear sample.

Thanks,
breeze
Click to expand...



You need to change them all.

The default is My Subnet, and that will include all machines hooked to the
LAN side of the router, including the other group most likely. Typically,
this will be all machines in the 192.168.0.x subnet.

Type a list of IP addresses seperated by commas.

Unless you know your group has the lower half of the IP address range
assigned to it, ( eg. 192.168.0.1 thru 192.168.0.127 )and the other group
has the upper half assigned to it ( eg. 192.168.0.128 thru 192.168.0.254 ),
then you are not going to be able to use subnets to define the range. And
if the router in question is just a regular broadband router assigning
192.168.0.x addresses, there's no knowing what address anyone in either
group will get.

This whole approach will break if the router assigns you a different IP
address next time you boot up.

That's why I'd use some other approach.
Either a firewall box or a second router between the switch and the upstream
router.
 
B

breeze

This whole approach will break if the router assigns you a different IP
address next time you boot up.

Is there a way to determine does my IP has been changed each time I boot up?
As I know each of our PC have own local IP like 192.168.0.45 and Default
gateway 192.168.0.1


Thank you,
breeze
====================
 
R

Ron Lowe

Is there a way to determine does my IP has been changed each time I boot
up? As I know each of our PC have own local IP like 192.168.0.45 and
Default gateway 192.168.0.1
Click to expand...



command prompt, type "ipconfig /all".
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Internet Connection Sharing 6
how to configure windows firewall? 9
Internet settings on home LAN 5
Connection to LAN dropping on XP but not Vista 1
how to block access for outer LANs? 7
how to convigure LAN 6
network / internet/ router question 3
router / internet / network question 1

Top