uplink newbie question

R

Robert Frost

I have 3 computers running xp networked via a netgear wireless router.

I have a wireless laptop also running xp which connects perfectly to
the lan via a wireless link to the netgear router and can access files
on the other computers.

I have a separate building in which there is a linksys wireless router
which is connected by ethernet cable to the 4th port on the netgear
router and is intended purely as a wireless access point. This works
fine for internet access but will not allow the laptop to access the
lan. Presumably this is because of a firewall in the linksys.

The netgear router can see the linksys and gives it IP and MAC
addresses.

How can I get into the linksys to turn the firewall off?
 
C

Chuck

I have 3 computers running xp networked via a netgear wireless router.

I have a wireless laptop also running xp which connects perfectly to
the lan via a wireless link to the netgear router and can access files
on the other computers.

I have a separate building in which there is a linksys wireless router
which is connected by ethernet cable to the 4th port on the netgear
router and is intended purely as a wireless access point. This works
fine for internet access but will not allow the laptop to access the
lan. Presumably this is because of a firewall in the linksys.

The netgear router can see the linksys and gives it IP and MAC
addresses.

How can I get into the linksys to turn the firewall off?
Click to expand...

Robert,

Not all NAT routers contain firewalls. And those that do, do not firewall
outgoing traffic. If your laptop, connected to the Linksys, needs to access the
LAN on the Netgear, it's creating outgoing traffic thru the Linksys, which is
not filtered.

I'll bet your problem is caused by subnetting. To use the Linksys as a WAP, you
need to:
1) Login to the Linksys, and disable the DHCP server.
2) Change the Linksys LAN port address to something on the same subnet as the
Netgear LAN - but outside the Netgear DHCP scope.
3) Connect the Linksys to the Netgear thru LAN ports on both.
4) If the laptop is setup as a DHCP client, and the Netgear LAN is on DHCP, the
laptop should connect, and should be able to access any of its peers on your one
LAN. If the Netgear LAN is (hopefully) using fixed ip addresses, assign an
appropriate address to the laptop.

But please don't stop there - using DHCP on a wireless LAN exposes all the
computers, wired and wireless.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall.

Change the router management password, and disable remote (WAN) management.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Configure
the firewall to allow file sharing only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
here). Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking,wireless are good places to start.

Cheers,
Chuck
 
R

Robert Frost

Chuck said:
Robert,

Not all NAT routers contain firewalls. And those that do, do not firewall
outgoing traffic. If your laptop, connected to the Linksys, needs to access the
LAN on the Netgear, it's creating outgoing traffic thru the Linksys, which is
not filtered.

I'll bet your problem is caused by subnetting. To use the Linksys as a WAP, you
need to:
1) Login to the Linksys, and disable the DHCP server.
2) Change the Linksys LAN port address to something on the same subnet as the
Netgear LAN - but outside the Netgear DHCP scope.
3) Connect the Linksys to the Netgear thru LAN ports on both.
4) If the laptop is setup as a DHCP client, and the Netgear LAN is on DHCP, the
laptop should connect, and should be able to access any of its peers on your one
LAN. If the Netgear LAN is (hopefully) using fixed ip addresses, assign an
appropriate address to the laptop.

But please don't stop there - using DHCP on a wireless LAN exposes all the
computers, wired and wireless.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall.

Change the router management password, and disable remote (WAN) management.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Configure
the firewall to allow file sharing only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
here). Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking,wireless are good places to start.

Cheers,
Chuck
Click to expand...


Thanks Chuck. thats a whole heap of advice. I discovered last night
tthere is no firewall in the linksys. As you are right about that i'll
assume you are right about all the rest. many thanks.
 
C

Chuck

Thanks Chuck. thats a whole heap of advice. I discovered last night
tthere is no firewall in the linksys. As you are right about that i'll
assume you are right about all the rest. many thanks.
Click to expand...

Robert,

MP. Good luck and stay safe.

Cheers,
Chuck
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

sharing printer in xp 5
connect laptop and desktop 2
Ethernet network won't work without third (wireless) computer. 25
configuring a Linksys to work behind a Netgear 1
Adding a wireless router 10
Netgear to Linsky Router is Possible? 13
print to a printer on another network 2
ICS Telstra Mobile Broadband 2

Top