small office sharing & blocking computer folders

[Guest]

I have a small office running windows XP pro on 8 computers and one network
printer/scanner. I currently have a single T1 line that is split off to 4
routers (2 computers per router. Each router uses a different subnet such as
192.168.0.x, 192.168.1.x, 192.168.2.x & 192.168.3.x. I did this to prevent
cross network sharing of files but now I'm faced with sharing one
printer/scanner between all 8 computers. I have 2 linksys routers (differnt
models), 1 Dlink router and one Netgear router.

I need help finding a solution to allowing access print and scan to the one
network printer/scanner which is currently on 192.168.0.x router.

I would consider swithing to one router and one private IP range if I could
have 4 different workgroups and allow sharing between computers within the
workgroup and block sharing from computers outside the workgroup.

I'm looking for any or all possible solutions or work arounds. I hope
someone has a simple solution.

 

[Steve Winograd [MVP]]

I have a small office running windows XP pro on 8 computers and one network
printer/scanner. I currently have a single T1 line that is split off to 4
routers (2 computers per router. Each router uses a different subnet such as
192.168.0.x, 192.168.1.x, 192.168.2.x & 192.168.3.x. I did this to prevent
cross network sharing of files but now I'm faced with sharing one
printer/scanner between all 8 computers. I have 2 linksys routers (differnt
models), 1 Dlink router and one Netgear router.

I need help finding a solution to allowing access print and scan to the one
network printer/scanner which is currently on 192.168.0.x router.

I would consider swithing to one router and one private IP range if I could
have 4 different workgroups and allow sharing between computers within the
workgroup and block sharing from computers outside the workgroup.

I'm looking for any or all possible solutions or work arounds. I hope
someone has a simple solution.

Using different workgroups won't help. A computer in any workgroup
can access a computer in workgroup.

How are the routers connected to the T1 line? Are the routers in
parallel (each router connects to the T1 through a hub or switch)?
Are the routers in series (one router connects to the T1 line, each
subsequent router connects to the previous router)? Something else?

Here's a possible solution that should work, provided that:

1. All of the routers can share a single public IP address provided
by the T1 line, and:

2. The computers can communicate with the network printer/scanner
through its IP address.

Get a new "master" router. The new router connects to theT1 line and
the network printer/scanner and feeds all of the old routers:

1. Connect the new router's WAN (Internet) port to the T1 line.

2. Connect each of the old routers to a LAN port on the new router.
Assign a static WAN IP address to each of the old routers.

3. Connect the network printer/scanner to a LAN port on the new
router, and assign it a static IP address.

4. On the new router, create a static route for each of the old
routers, specifying how to communicate each router's subnet.
For example, assume that new router's LAN IP address is 192.168.0.1,
and that the first old router has a WAN IP address of 192.168.0.2 and
a LAN subnet of 192.168.1.x. Then the new router needs a static route
telling it to send all packets for 192.168.1.x to 192.168.0.2.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Thanks Steve I will give this sugestion a try but 1) I want to answer your
question about how the routers are connected to the T1 line and 2) I have a
follow up question to the master router setup you described.

First currently the T1 line goes into a modem/router that was supplied to us
by the ISP and they will not let me into the configuration. Each old router
is in parallel and each old router has a static IP from the T1 modem/router.
I'm not dead set on doing it this way that is just the way it was first
setup.

Now a few question on your suggestion to use one main router and setup a
static route.

None of the routers I have or have seen seem to have a static routing
feature. They all seem to have port forwarding and the new linksys has IP
based ACL which seems to be able set a rule with a source and destination.
Will this do?

If not could you recommend a router in the $200 to $500 range that will
allow static routing but not too hard to configure. I hear Cisco routers with
command based configuration are very flexible but hard to setup if your not
familiar with thier IOS.

Will static routing on the main router for all the subnets to the routers
WAN public IP allow for 1) print jobs to be sent to the printer from all
routed subnets and 2) will the printer/scanner be allowed to send scanned
files as PDF's to a specific shared foler on any computer on any subnet based
on the unc path to the shared folder?

And last for now, will I need to configure any static routing or port
forwarding on the old routers if I use one main router as you suggested?

Thanks again, I can't thank all of you enough for help and suggestions.

 

[Steve Winograd [MVP]]

Thanks Steve I will give this sugestion a try but 1) I want to answer your
question about how the routers are connected to the T1 line and 2) I have a
follow up question to the master router setup you described.

You're welcome, Tbrox.

First currently the T1 line goes into a modem/router that was supplied to us
by the ISP and they will not let me into the configuration. Each old router
is in parallel and each old router has a static IP from the T1 modem/router.
I'm not dead set on doing it this way that is just the way it was first
setup.

OK. Do the old routers get public IP addresses or private IP
addresses from the ISP's modem/router? I'm assuming that they get
private addresses. If they get public addresses, I'm not sure that my
suggestion will work.

Now a few question on your suggestion to use one main router and setup a
static route.

None of the routers I have or have seen seem to have a static routing
feature. They all seem to have port forwarding and the new linksys has IP
based ACL which seems to be able set a rule with a source and destination.
Will this do?

I don't think that port forwarding or IP based ACL can do what static
routing does.

If not could you recommend a router in the $200 to $500 range that will
allow static routing but not too hard to configure. I hear Cisco routers with
command based configuration are very flexible but hard to setup if your not
familiar with thier IOS.

I have two inexpensive home broadband routers that have a static
routing capability: Motorola WR850G and Linksys WRT54GS. I'm not
familiar with any routers in the $200 to $500 range, and I have no
experience with Cisco routers.

Will static routing on the main router for all the subnets to the routers
WAN public IP allow for 1) print jobs to be sent to the printer from all
routed subnets and 2) will the printer/scanner be allowed to send scanned
files as PDF's to a specific shared foler on any computer on any subnet based
on the unc path to the shared folder?

Printing to a printer connected to the main router should not require
static routing.

Sending scanned files from a networked printer/scanner to computers on
the old routers might require static routing to enable the
printer/scanner to send packets to the computers. But that depends on
how the printer/scanner's software is implemented, and I can't say for
sure.

And last for now, will I need to configure any static routing or port
forwarding on the old routers if I use one main router as you suggested?
No.

Thanks again, I can't thank all of you enough for help and suggestions.

--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Once again thank you Steve for your insiteful help.

OK, I found the static routing setup page on my WRT54G and my Linksys
RVS4000 routers. It was under advanced routing. 1) I didn't know to look for
static routing until you told me about it and 2) I didn't know where to look
for it until I started looking at Linksys online manuals.

Coming from the Netopia router that came with the T1 line I was told to
configure the 4 other routers with stitic IP address such as 216.27.xxx.xx.
I have emailed Speakeasy and asked if the netopia router supports static
routing. If so I might be able to have them configure the static routing for
me. If not or if I want more control I will purchase a new main router that
I know supports static routing and connect it to the netopia router at the
WAN port and then connect my 4 older routers the the LAN ports on it.

I won't be able to test everything out for a few day so as soon as I know if
this works or not I will come back and post either way.

 

[Steve Winograd [MVP]]

Once again thank you Steve for your insiteful help.

OK, I found the static routing setup page on my WRT54G and my Linksys
RVS4000 routers. It was under advanced routing. 1) I didn't know to look for
static routing until you told me about it and 2) I didn't know where to look
for it until I started looking at Linksys online manuals.

Coming from the Netopia router that came with the T1 line I was told to
configure the 4 other routers with stitic IP address such as 216.27.xxx.xx.
I have emailed Speakeasy and asked if the netopia router supports static
routing. If so I might be able to have them configure the static routing for
me. If not or if I want more control I will purchase a new main router that
I know supports static routing and connect it to the netopia router at the
WAN port and then connect my 4 older routers the the LAN ports on it.

I won't be able to test everything out for a few day so as soon as I know if
this works or not I will come back and post either way.

You have public IP addresses. For my suggestion to work, I think
you'll have to connect a new main router between the Netopia and the
four older routers, then configure the new main router with static
routes. All of the computers will then be sharing one public IP
address.

I look forward to hearing more from you later.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Steve, I picked up a Linksys BEFSR41 router to test as a main router in the
setup you suggested. Can you please verify that i'm entering the correct
information into the static routing feilds?

Main router gateway: 192.168.5.1 LAN (DHCP off)
Main router static IP: 216.27.xxx.xx Sunet and DNS as per T1 line
settings.

Old router 1 wan: 192.168.5.2 sub: 255.255.255.0 DNS same as main
router
Old router 1 lan: 192.168.0.2 to 192.168.0.51 dhcp on, gateway
192.168.0.1

Old router 2 wan: 192.168.5.3 same sub and dns as above
Old router 2 lan: 192.168.1.100 to 150 with static ip's at 2
computer ending in
49 and 51. Gateway 192.168.1.1, DHCP on.

Main router static routing settings: Below are all the fields avalable.

select entry 1 (old1)
Route name: old1
Destination IP: 192.168.5.2
subnet: 255.255.255.0
Gateway: 192.168.0.1
Hop count: 5
Interface: LAN

select entry 2 (old2)
Route name: old2
Destination IP: 192.168.5.3
subnet: 255.255.255.0
Gateway: 192.168.1.1
Hop count: 5
Interface: LAN

When I open the Routing table it reads: (the xxx are values)

Desination Subnet default gateway hop
interface
0.0.0.0 0.0.0.0 216.27.xxx.xx
1 WAN
192.168.5.0 255.255.255.0 0.0.0.0 1
LAN
216.27.xxx.xx 255.255.255.xxx 0.0.0.0 1
WAN

I don't know if this matters right now or not but this router is only
connected to my laptop for configuration. Tomorrow I will connect it up,
change wires and old router settings and setup the printer with a static IP
on the main router.

I hope you get a chance to look at this and advise if I set something wronge
before Friday morning PST.

Thanks so much once again

 

[Steve Winograd [MVP]]

Steve, I picked up a Linksys BEFSR41 router to test as a main router in the
setup you suggested. Can you please verify that i'm entering the correct
information into the static routing feilds?

Main router gateway: 192.168.5.1 LAN (DHCP off)
Main router static IP: 216.27.xxx.xx Sunet and DNS as per T1 line
settings.

Old router 1 wan: 192.168.5.2 sub: 255.255.255.0 DNS same as main
router
Old router 1 lan: 192.168.0.2 to 192.168.0.51 dhcp on, gateway
192.168.0.1

Old router 2 wan: 192.168.5.3 same sub and dns as above
Old router 2 lan: 192.168.1.100 to 150 with static ip's at 2
computer ending in
49 and 51. Gateway 192.168.1.1, DHCP on.

Main router static routing settings: Below are all the fields avalable.

select entry 1 (old1)
Route name: old1
Destination IP: 192.168.5.2
subnet: 255.255.255.0
Gateway: 192.168.0.1
Hop count: 5
Interface: LAN

select entry 2 (old2)
Route name: old2
Destination IP: 192.168.5.3
subnet: 255.255.255.0
Gateway: 192.168.1.1
Hop count: 5
Interface: LAN

When I open the Routing table it reads: (the xxx are values)

Desination Subnet default gateway hop
interface
0.0.0.0 0.0.0.0 216.27.xxx.xx
1 WAN
192.168.5.0 255.255.255.0 0.0.0.0 1
LAN
216.27.xxx.xx 255.255.255.xxx 0.0.0.0 1
WAN

I don't know if this matters right now or not but this router is only
connected to my laptop for configuration. Tomorrow I will connect it up,
change wires and old router settings and setup the printer with a static IP
on the main router.

I hope you get a chance to look at this and advise if I set something wronge
before Friday morning PST.

Thanks so much once again

I don't know whether your printer/scanner requires static routes on
the main router. Everything might work without them. If static
routes are required, to enable the printer/scanner to send packets to
the computers, those routes must tell the main router how to reach the
subnets of the other routers.

I see what I think are two problems with the route definitions that
you listed:

1. The "Destination IP" and "Gateway" are reversed.

2. The "Destination IP" should indicate a whole subnet, not an
individual IP address.

Here's what I think the routes should say:

select entry 1 (old1)
Route name: old1
Destination IP: 192.168.0.0
subnet: 255.255.255.0
Gateway: 192.168.5.2
Hop count: 5
Interface: LAN

select entry 2 (old2)
Route name: old2
Destination IP: 192.168.1.0
subnet: 255.255.255.0
Gateway: 192.168.5.3
Hop count: 5
Interface: LAN

The route table that you listed doesn't show either of the routes
"old1" or "old2", so I'm not sure that the router recognizes the
definitions that you made.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

I was wondering if I had the destination and gatway reversed.

The route table now says.

Desination Subnet default gateway hop interface
0.0.0.0 0.0.0.0 216.27.xxx.xx 1 WAN
192.168.0.0 255.255.255.0 192.168.5.2 5 LAN
192.168.1.0 255.255.255.0 192.168.5.3 5 LAN
192.168.5.0 255.255.255.0 0.0.0.0 1 LAN
216.27.xxx.xx 255.255.255.xxx 0.0.0.0 1 WAN

I will know in a few hours if it all works OK but I won't be about to post
until late tonight.

Once again Thanks.

 

[Steve Winograd [MVP]]

I was wondering if I had the destination and gatway reversed.

The route table now says.

Desination Subnet default gateway hop interface
0.0.0.0 0.0.0.0 216.27.xxx.xx 1 WAN
192.168.0.0 255.255.255.0 192.168.5.2 5 LAN
192.168.1.0 255.255.255.0 192.168.5.3 5 LAN
192.168.5.0 255.255.255.0 0.0.0.0 1 LAN
216.27.xxx.xx 255.255.255.xxx 0.0.0.0 1 WAN

I will know in a few hours if it all works OK but I won't be about to post
until late tonight.

Once again Thanks.

You're welcome. The route table looks good. I look forward to seeing
your next post.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

OK, I'm half good. I can now print from every router and subnet so print
info goes from 192.168.0.xx and 192.168.1.xxx to the printer at 192.168.5.100
but when the printer tries to send a scanned document (PDF) back the other
way it is being blocked.

Any idea how I can open it up so I can get two way trafic?

 

[Steve Winograd [MVP]]

OK, I'm half good. I can now print from every router and subnet so print
info goes from 192.168.0.xx and 192.168.1.xxx to the printer at 192.168.5.100
but when the printer tries to send a scanned document (PDF) back the other
way it is being blocked.

Any idea how I can open it up so I can get two way trafic?

What exactly happens when the printer tries to send a scanned document
the other way? If there's an error message, what does it say?

What is the make and model of the printer?

Connect a computer to the main (192.168.5.x) router and see if it can
ping all of the computers on the other routers using their IP
addresses. If it can't, there might still be a routing problem on the
main router.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

I did the ping test from the main router to a computer on one of the old
routers and all the pings timed out.

The MFM is a Toshiba eStudio T352 and it just says error sending file. It
is setup to scan to a file and save on \\computer name\shared folder that is
located behind one of the old routers that is on 192.168.0.3 This is also
the IP that I tried to ping.

I tried adding a new static route and switching the destination and gateway
IP addresses but the gateway feild would not except a "0" for the last octate.

 

[Steve Winograd [MVP]]

I did the ping test from the main router to a computer on one of the old
routers and all the pings timed out.

The MFM is a Toshiba eStudio T352 and it just says error sending file. It
is setup to scan to a file and save on \\computer name\shared folder that is
located behind one of the old routers that is on 192.168.0.3 This is also
the IP that I tried to ping.

I tried adding a new static route and switching the destination and gateway
IP addresses but the gateway feild would not except a "0" for the last octate.

The printer is in a different subnet than the computers, so it can't
access them using their computer names. Use their IP addresses, e.g.
\\192.168.0.3\shared folder

For the same reason, pinging by computer name won't work. Ping the
computers using their IP addresses.

So, all of the computers must have static IP addresses.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

I will go into the office next week and give that a try but when I was on a
computer on the main router. 192.168.5.xxx and I issued a ping command to
192.168.0.3 I got timed out replies.

I typed: ping 192.168.0.3 "enter" from a command prompt.

 

[Steve Winograd [MVP]]

I will go into the office next week and give that a try but when I was on a
computer on the main router. 192.168.5.xxx and I issued a ping command to
192.168.0.3 I got timed out replies.

I typed: ping 192.168.0.3 "enter" from a command prompt.

I think that pings will have to work before the printer will be able
to access shared folders.

Double check the routing table on the main router. Configure
firewalls on all of the computers to allow full access by the
192.168.5.0/255.255.255.0 subnet.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Hi Steve,

I was thinking that it might be a computer firewall issue but I didn't think
much of it until you mentioned it. I just wanted to make sure you knew I did
ping to IP and not netbios name.

The routing table is the same as it was a few posting ago after I switched
the settings and you said it looked good. So if you think changes need to be
made I'm all ears. or in this case all eyes.

I can't thank you enough. It certainly has been an education. I sure hope
all of our postings will help someone else in a similar situation.

 

[Guest]

I just checked remotely the computer on 192.168.0.3 and windows firewall is
off and no 3rd party firewall is running. The only thing I see is Norton AV
2006 has that Internete Worm program running. Will that block a request from
192.168.5.xxx? Also could there be a firewall or other setting in the router
for 192.168.0.xxx that is blocking 192.168.5.xxx?

 

[Steve Winograd [MVP]]

I just checked remotely the computer on 192.168.0.3 and windows firewall is
off and no 3rd party firewall is running. The only thing I see is Norton AV
2006 has that Internete Worm program running. Will that block a request from
192.168.5.xxx? Also could there be a firewall or other setting in the router
for 192.168.0.xxx that is blocking 192.168.5.xxx?

Yes, the "Internet Worm Protection" in Norton AV acts as a firewall.
It needs to be configured to allow traffic from 192.168.5.xxx.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

I have disabled the Norton Internet worm program all together for testing.
from a computer on the 192.168.5.x network I'm still unable to ping this
computer at 192.168.0.3. I can however ping the gateway 192.168.0.1. I even
tried turning off all firewall features within the router that is controlling
192.168.0.xxx. It didn't help.

My routing table on the main router (192.168.5.0) still looks like this:

Desination Subnet default gateway hop interface
0.0.0.0 0.0.0.0 216.27.xxx.xx 1 WAN
192.168.0.0 255.255.255.0 192.168.5.2 5 LAN
192.168.1.0 255.255.255.0 192.168.5.3 5 LAN
192.168.5.0 255.255.255.0 0.0.0.0 1 LAN
216.27.xxx.xx 255.255.255.xxx 0.0.0.0 1 WAN

I sure hope you have some additional suggestions or test I can do.

Once again, Thank YOU!