Advertisement

03.06.2008 at 09:31AM PST, ID: 23220331
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
8.5

Network shares visibility

Zones: Network Management, Windows Networking, Windows XP Operating System
I have a network with next components: 6 PC's, one ADSL modem/router, 1 switch, 1 router and 2 network printers. this is how it is connected

ADSL modem/router, switch and 4 PC;s are in one office, and router and 2 PC's are in another office

ADSL modem.router -> switch

switch ->:4PC's, router (router is located in 2nd office) and 1st network printer

router .> 2 PC's (router is working in bridge mode and acting like a switch) and 2nd network printer

All devices have 192.168.1.x IP addresses, subnet 255.255.255.0. and all devices have access to internet.

What I would like to do is have 2 PC's that are connected to router to be invisible to other 4 PC's, but visible to each other. All computers must have access to internet through ADSL modem. What are ways to achieve this and what is the most effective way? I am thinking of maybe setting router to Dynamic IP mode, enabling firewall on it, and setting these 2 PC's and 2nd network printer to 192.168.2.x IP range. Or maybe it is possible to achive this with different subntet masks on the 192.168.1.x IP range? I am still not very comfortable with subnetting.

Thanks,
Goran
Start your free trial to view this solution
Question Stats
Zone: Networking
Question Asked By: Priest04
Solution Provided By: donmanrobb
Participating Experts: 3
Solution Grade: A
Views: 0
Translate:
Loading Advertisement...
03.06.2008 at 09:38AM PST, ID: 21062766
MichaelVH:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 09:44AM PST, ID: 21062824
Gssc1414:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 11:16AM PST, ID: 21063667
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 11:54AM PST, ID: 21064061
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 12:22PM PST, ID: 21064310
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 12:58PM PST, ID: 21064699
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 05:27PM PST, ID: 21066482
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.06.2008 at 05:58PM PST, ID: 21066649
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.07.2008 at 02:02AM PST, ID: 21068657
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.07.2008 at 04:34AM PST, ID: 21069348
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.07.2008 at 06:46AM PST, ID: 21070512
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.07.2008 at 03:11PM PST, ID: 21074935
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.10.2008 at 02:59PM PDT, ID: 21090863
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.10.2008 at 03:03PM PDT, ID: 21090896
donmanrobb:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.10.2008 at 06:40PM PDT, ID: 21092281
Priest04:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • Automotive
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Displays / Monitors
  • Handhelds / PDAs
  • Components
  • Peripherals
  • Laptops/Notebooks
  • Servers
  • Misc
  • Apple
  • Embedded Hardware
  • Networking Hardware
  • Storage
  • Desktops
  • New Users
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMware
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Virtualization
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • Web Computing
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Consulting
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMware
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Automation
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Web Services
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Web Computing
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Lounge
  • Business Travel
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
  • Automotive
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
03.06.2008 at 09:38AM PST, ID: 21062766
MichaelVH:
You could configure the 2 PC's to be on a different subnet (VLAN), but obviously your switch/router should have to support that...
 
03.06.2008 at 09:44AM PST, ID: 21062824
Gssc1414:
Simply set the router to hand out IP addresses that have a different Network ID as the other PC's (192.168.2.x - like you mentioned).

Then remove the bridge from your router so it's functioning like a normal router - and if need be you can fill out the information in the router manually so that's it's Default Gateway is your ADSL modem / router. Also, connect a ethernet cable from your switch where your 4 PC's are to the WAN port on the router - and the other two PC's on the regular ports.


This should work for ya.
 
03.06.2008 at 11:16AM PST, ID: 21063667
Priest04:
Ok, to rephrase my question: if you were to design such a network, would you use this solution that you are suggesting? Router as a device that will place these two PC;s and one network printer in the separate network segment (on different subnet), while allowing them internet access that is provided by another network segment (another subnet)? And would there be any siginificant connection speed decrease because of the 2nd routing involved?

I have already implemented this solution to see it in practice, so I know how it needs to be done. I can't use static IP for WAN since there is no DNS paramter to be set, only gateway, so I needed to use Dynamic IP for WAN port on the router.

I know that it will work, I just need to know if this is a good approach, and if a network professional would use the same method to achieve this.

Goran
 
03.06.2008 at 11:54AM PST, ID: 21064061
donmanrobb:
Can you please post the what kind of router and swtiches you are using?
 
03.06.2008 at 12:22PM PST, ID: 21064310
Priest04:
Those are low cost switches and routers. ADSL modem/router is provided by ISP (Huawei MT882), router is Planet xrt-401d and switch is Pheenet 8-port, I cant remember the model, costs around 25e here. I am interested in finding answers on 2 questions:

1) What is the best way to configure this network with this equipment
2) what kind of solution/equipment would you implement (disregard my equipment). The idea is to have all PC's access to ADSL connection, and very basic file sharing, no severs involved. 2 PC's in 2nd office should not be visible to other PC's.

Goran
 
03.06.2008 at 12:58PM PST, ID: 21064699
donmanrobb:
I would say the easiest and cheapest solution would be to use ACLS/Firewalls to make rules on the router that blocks all traffic from your 4 pcs to your PC and if you wanted do the reverse as well, since its a cheaper router you'll probably have to make individual rules.

You could also do this with subnetting say changing the 2 pcs to 192.168.2.x but then for the default gateway to work properly you'll need to change the LAN address of the router their connected to, which isn't always an option without upgrading the router, plus you may then have to enable routing or enter static routes for the router to be able to access the internet still. If you change to a different subnet on the 1x, you will have to change both routers subnet since one will still have 255.255.255.0 it will be able to reach the pcs just fine. Also you can combine the changing the subnet with the firewall rule above to reduce the number of rules needed.

You could use VLANs but you would need a managed switch.
 
03.06.2008 at 05:27PM PST, ID: 21066482
Priest04:
Hello, donmanrobb, thanks for the comment.

ACL is a great option, but I was kind of confused how it is handled on planet router. huawei has IP filter option which I find very easy to use and it would be great to use in this case, but the problem is that huawei has only one LAN port. I am looking at the manual for planet at the moment, and will play tomorrow with its ACL.

I am not sure about one thing. If I have 2 subnets (use planet WAN port for internet connection), can PC's from one subnet access shares from PC's on another subnet? If no, then I dont need to use ACL, since I want to allow shares on these two subnets between PC's that are part of the same subnet.

Theoretical question, if you should make a choice to use either two subnets, or having one subnet and use ACL, what would you choose?

thanks,
Goran
 
03.06.2008 at 05:58PM PST, ID: 21066649
donmanrobb:
I'm not too familar with Planet routers either but from a quick glance on the internet it looks like it supports IP and MAC filtering both should be able to help you out.

From a strict security stand point I would prefer to use ACLs either on the router or on the 2 PCs rather then subnetting. The reason why is that putting the 2 PCs in a different subnet would work just fine if they didn't require internet access but since they do routing would need to be enabled (if Planet supports it) and ACLs would have to be used anyway.

The reason why is that most comsumer level routers are actually a router / intergrated 4 port switch so each router can only support one subnet. So for example if your WAN router was 192.168.2.X and your other router was 192.168.1.X the devices in the 1.X network would not know to reach the 2.X network and therefore would not be able to get online.
Accepted Solution
 
03.07.2008 at 02:02AM PST, ID: 21068657
Priest04:
>> From a strict security stand point I would prefer to use ACLs either on the router or on the 2 PCs rather then subnetting. The reason why is that putting the 2 PCs in a different subnet would work just fine if they didn't require internet access but since they do routing would need to be enabled (if Planet supports it) and ACLs would have to be used anyway.

The reason why is that most comsumer level routers are actually a router / intergrated 4 port switch so each router can only support one subnet. So for example if your WAN router was 192.168.2.X and your other router was 192.168.1.X the devices in the 1.X network would not know to reach the 2.X network and therefore would not be able to get online.

Would you explain why I need to use ACL anyway?

There is no problem with setting planet's LAN to 192.168.2.x subnet. I can't make it to work with WAN Statip IP, since there is no DNS to configure, but setting WAN as Dynamic IP works ok (internet connection works with no problem). Do I need to configure ACL at this point?

Thanks,
Goran
 
03.07.2008 at 04:34AM PST, ID: 21069348
donmanrobb:
If the internet works just fine with a Dynamic setting on all computers then before we continue just test to see if you can ping between all the computers in your network successfuly or not, if you can't we're done and I've given the routers too little credit. If you can ping across then then is still a need for the ACL.
 
03.07.2008 at 06:46AM PST, ID: 21070512
Priest04:
Internet work fine. I can ping between PC;s on 192.168.2.x subnet, and I want to allow sharing on this subnet, and I can ping between PC's on 192.168.1.x subnet, where I also want to allow sharing. Are you now asking me from PC 192.168.1.11 to ping 192.168.2.11 PC, although they are on different subnets? Is it possible to ping from one subnet to another?
 
03.07.2008 at 03:11PM PST, ID: 21074935
donmanrobb:
Yes, please ping from 192.168.1.11 to ping 192.168.2.11, if it doesn't work we're done and the problem is sovled.
 
03.10.2008 at 02:59PM PDT, ID: 21090863
Priest04:
Can't ping from other subnet, seems that firewall did a good job. If I can't ping to a PC, does that for sure mean that I can't access it? This is the last question, and I will close the post as soon as you answer it. I thank you for reminding me about the ACL, I totally forgot about it.
 
03.10.2008 at 03:03PM PDT, ID: 21090896
donmanrobb:
Pinging should be a good test since if the ping icmp packet is blocked it implies everything is blocked as well. You could always just try and access a share on the other network to confirm.
 
03.10.2008 at 06:40PM PDT, ID: 21092281
Priest04:
ok, thanks for all the help.

Goran
 
 
20080236-EE-VQP-29 / EE_QW_EXPERT_20070906