lnwright

Connect to PC on WAN Side of Router

Dear Experts,

I want to use a router (Netgear RT314) as a type of firewall inside a LAN.   Basically I want  to separate a less secure section of the LAN from the main part of the LAN.

The way I was thinking of doing it was to connect the main part of the LAN to the LAN port of the router and the less secure part to the Internet port.   I  think this should allow traffic to flow freely from the main part of the LAN to less secure part of the LAN but  block all traffic from the less secure part to the main part. (The router is configured to block all traffic from the Internet side)

I have tried this with my router and it does not seem to work.  I have tested using 2 pc's with addresses 10.0.0.110 and 10.0.0.150 and a subnet of 255.255.255.0.   The PC on the LAN side of the router can not ping the machine on the Internet side.   When I attach them both to the LAN side they can ping each other as expected.   The machine on the LAN side can also ping the router 10.0.0.102 OK.

Appreciate any comments.

Lee.
ASKER CERTIFIED SOLUTION
wjc7662

lnwright

ASKER

Thanks wjc7662 & pjimerson,

These comments are very helpful.

The less secure part of the LAN is still behind a firewall, it's just that  I want an extra layer of protection for the rest of the network.    I don't have control over the main part of the LAN so I can't change any settings.

Regards,

Lee.


 
I should make one more point.   At this stage and probably permanently there is only 1 pc connected to the less secure part of the LAN.
Also see http://www.tech24.arce.co.uk/networks/wireless.htm that is a closer example to your requirement
OK here is what I've done. I assigned a fixed IP of one machine of 10.0.1.150, my RT314 of 10.0.1.102 and another of 10.0.0.103 and another machine 10.0.0.115. So basically I now have 2 subnets. On my pc (on the LAN side of the RT314) I have set the gateway to 10.0.1.102. In the RT314 I have set up a routing rule that forwards all traffic destined for 10.0.0.115 to a gateway of 10.0.0.103. I can now ping both 115 and the router OK. I can't seem to file share with 115 though. Even using an IP address.

Appreciate any thoughts.
Thanks Snerkel,

This is very handy to know.   I tried and it works fine for internet access but it does not seem to allow file sharing.

Lee.
you may need to open some ports (if you are trying to reach one of the machines on the LAN from the outside)
http://www.nacs.uci.edu/security/netbios.html
or go to run in the start menu and type

\\192.168.8.30


replacing 192.168.8.30 with the IP of the machine you want to connect to.

Obviously you can only do this from your side of the router, anyone outside your router won't be able to do this to yours
Note: that kind of defeats the purpose of a firewall LOL
Thanks,

snerkel,

I have tried using the IP address for the file share  eg \\192.168.0.1 but that doesn't work

stevenlewis,

I don't think you really understand the question. I don't want to connect from the WAN side to the LAN side. I want to only connect from the LAN side to the WAN side. Effectively I do want it to act as a firewall but I still want traffic to flow from the LAN to the WAN


Regards,



Lee.

It should work, it may take a few seconds. Things to check

Your LAN must be using an IP range different from the WAN one you are trying to connect to, I assume that you are using 10.x.x.x from your original post, and the WAN side is 192.168.x.x

Other thing to check is if PC with shares has a software firewall, this may be blocking your access attempts.

Try connecting to the WAN network and make sure you can access the share (if you haven't already done this)

I have the same setup as you and can connect to any share on the WAN side of my router.

Other thought is you are using \\192.168.0.1 is this definitely the IP address of the machine you want to connect to, can you ping it?
I do understand, you want to connect from inside the LAN to the other side of the router
net use * \\<ip address> should work, unless there is something like zone alarm, or XP's built in firewall is blocking access. Assuming file sharing is active on the target machine, and NetBIOS over tcp is enabled
as a test, move it to the LAN side of the router, assign a correct ip, and see if you can access the shares then. If so, then move it back to the WAN side and test
Hi,

I had a similar problem once.  I had 2 machines with 2 network cards each on them.  1 wireless and 1 wired NIC each  using IP addresses from 192.168.1.x for the wired NICs and 192.168.0.x for the wireless cards.  I couldn't share files at all between the two machines until I changed the wired NICs to use IPs in the range 10.10.10.x after that filesharing was easy to set up.

The way I see it the difference addresses between subnets needed to be MORE different in order for windows file sharing to work.  You may want to try putting one of your subnets on 10.0.0.x and the other one on 192.168.0.x or something like that.  

Oh, and one other thought, do you have netbios installed as a network protocol?  or anything other than tcp/ip?  If so this may be the problem.....netbios, IPX/SPX and some other protocols are not-routable protocols, meaning they don't propagate past a router or bridge.  Sometimes, even if you have tcp/ip installed another protocol can somehow leap ahead of tcp/ip as the default protocol (usually you have to have a network device in place that's broadcasting in this protocol for this to happen).  If you don't have any other protocols installed of course this can't happen, but you don't necessarily need to have any other protocol other than tcp/ip anyway because windows 2000 and xp come with a tcp/ip netbios helper service which provides netbios functionality from within tcp/ip.  Seeing as how you can't seem to get netbios functionality beyond your router I thought this might be the issue.  

Good Luck,

PJimerson
Thank you all experts,

There have been some very good comments.  I managed to get it to work.   I have posted how I did it here in a word document:

www.contactshare.com/ee in the hope that others may find it helpful.

Regards,


Lee.
Your instructions say that 10.0.0.1 is on a different subnet to 10.0.1.1 this may cause confusion as when 10.x.x.x is used the standard subnet mask of 255.0.0.0 actually makes them on the same subnet (255.0.0.0 is the default Windows uses unless told different).

You would be better, or at least for the example it would be better to use 192.168.0.1 and 192.168.1.1 as these would normally be on different subnets, eg the standard is a subnet mask of 255.255.255.0
Thanks Snerkel,

Yes I see what you mean.     I will see about amending it to make it clearer.


Regards,

Lee.
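
An added example, not part of the original thread: it models the on-link versus via-gateway decision a sending PC makes from its own IP and mask, applied to the addressing described above. The 255.255.255.0 mask in the two-subnet case and the gateway 192.168.1.254 are assumptions; the other addresses are taken from the posts.

```python
import ipaddress

def classful_default_mask(ip):
    """Mask a host falls back to when none is configured (by address class)."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "255.0.0.0"        # class A, e.g. 10.x.x.x
    if first < 192:
        return "255.255.0.0"      # class B
    if first < 224:
        return "255.255.255.0"    # class C, e.g. 192.168.x.x
    raise ValueError("class D/E addresses have no default host mask")

def next_hop(src_ip, mask, gateway, dst_ip):
    """Where the sender puts the packet: straight onto its own segment
    ('on-link', it ARPs for dst) or to its gateway for routing."""
    net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    if ipaddress.ip_address(dst_ip) in net:
        return ("on-link", dst_ip)
    if gateway and ipaddress.ip_address(gateway) in net:
        return ("gateway", gateway)
    return ("unreachable", None)

def evaluate():
    """Run the thread's addressing schemes through next_hop()."""
    return {
        # Original test: both PCs in 10.0.0.0/24 on opposite sides of the
        # router. The sender ARPs for .150 on its own segment, so the
        # router never sees the traffic.
        "original": next_hop("10.0.0.110", "255.255.255.0",
                             "10.0.0.102", "10.0.0.150"),
        # Two subnets, mask assumed to stay 255.255.255.0: packet goes to
        # the RT314 and can be routed.
        "two_subnets": next_hop("10.0.1.150", "255.255.255.0",
                                "10.0.1.102", "10.0.0.115"),
        # Same addresses with the class A default mask: the destination
        # looks local again and the router is bypassed.
        "default_mask": next_hop("10.0.1.150",
                                 classful_default_mask("10.0.1.150"),
                                 "10.0.1.102", "10.0.0.115"),
        # 192.168.0.x / 192.168.1.x with their default mask stay separate.
        # Gateway 192.168.1.254 is a constructed value.
        "class_c": next_hop("192.168.1.1",
                            classful_default_mask("192.168.1.1"),
                            "192.168.1.254", "192.168.0.1"),
    }

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:13s} -> {result}")
```

Any case that resolves to "on-link" for a host that is physically behind the router means the segmentation boundary is never crossed by that traffic, so the router's filtering cannot apply to it.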