Restrict access to LAN via Firewall/Router
Posted on 2006-07-22
I have a D-Link adsl modem/router connected to an 8 port switch.
I then have my LAN PC's also connected to the switch and these acquire IP settings from the D-Link router (range 192.168.1.0).
I also have a Netgear FWAG114 Prosafe Wireless Firewall/Router connected to the switch via its WAN port.
Machines which connect to the FWSA114 only do so via wireless and are allocated IP settings by the FWAG114 (range 10.0.0.0)
My wireless machines are able to access the internet via the FWAG114 with no problems at all. However, at present if I type \\192.168.1.# into a RUN command wireless clients on the FWAG114 are able to access the LAN clients on the Dlink router (they do have to enter a username and password but as most of the LAN clients don't have passwords on the administrator account this is not secure and easily worked out by those with a little knowledge). I don't want the wireless clients on the 10.0.0.0 range to be able to access LAN clients on the 192.168.1.0 range connected directly to the Dlink router.
I know that we could set up passwords etc on all the LAN client machines but we would rather restrict access via the firewall as users could easily remove passwords or create new accounts and shares - they are not on a domain and they do not want us to restrict their use of their own machines. Essentially the hotel are offering free internet access via their own broadband connection but need to make sure clients can't access the office machines.