microaideinc


Trying to separate networks by using different subnet masks

I have a client who is using internet access supplied by another tenant in their building. I'm trying to keep their networks hidden from one another. I have achieved this with other clients in the past by keeping them in the same scope to attach to the internet gateway router but putting them in different subnets. Right now my client cannot see any computers on the other tenant's network or even ping them, which is what I want. However, the other tenant who is sharing their internet can find computers on our network and they can ping us. The tenant sharing the internet is in the 192.168.0.1 scope with subnet mask 255.255.255.0. My client is in the same scope with a 255.255.0.0 subnet mask. Without any additional hardware, how do I lock down this network so as not to be seen?

 thanks
mkurtzhals

What are the default gateways on the PCs? If they are going to the same router then the router has a route in its table routing the two networks together. That is where I would start.
You need to split them up like this.

192.168.0.0  255.255.255.0  <--subnet one
192.168.1.0  255.255.255.0  <-- subnet two

The way you have it one scope includes the other, but not the other way around.
Hey.

I'm assuming your network clients are XP.

To simply 'hide' your clients from view, just turn on the Windows XP Firewall and disable pinging.
(Go to Start > Run > 'Firewall.cpl')
Go onto the 'Advanced' Tab and under ICMP click the 'Settings' Button and make sure all boxes are unchecked.

If you're using another firewall please state which one and I'll give you further help.
ASKER CERTIFIED SOLUTION
Fatal_Exception
This solution is only available to members.
thur6165 has it right.
you want the same subnet mask, with different subnets.

if one subnet mask is 255.255.0.0 and the other is 255.255.255.0, but you are using the same subnet, you are not dividing the subnets.  one subnet includes the other.

you want to actually divide your subnets.
i posted before seeing Fatal's suggestion.  it reminded me that if you do 2 different subnets (with the same subnet mask), you will want to create a rule in the firewall that prevents the traffic from crossing from one subnet to the other.

using additional routers (as Fatal has shown) would achieve the same thing.
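The overlap described in the posts above can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original thread; the host addresses are constructed for illustration.

```python
import ipaddress

def on_link(src_if, dst_ip):
    """True if a host configured with src_if (address/mask) considers dst_ip
    to be on its own subnet, so it sends directly instead of via the gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network

def assess(a_if, b_if):
    """Compare two host configurations that share one physical segment."""
    a, b = ipaddress.ip_interface(a_if), ipaddress.ip_interface(b_if)
    return {
        "a_net": str(a.network),
        "b_net": str(b.network),
        "overlap": a.network.overlaps(b.network),
        "a_to_b": "direct" if on_link(a_if, str(b.ip)) else "via gateway",
        "b_to_a": "direct" if on_link(b_if, str(a.ip)) else "via gateway",
    }

# Constructed sample hosts (assumed addresses, not taken from the thread).
# "a" stands for the tenant sharing the internet, "b" for the asker's client.
CASES = {
    # Masks as described in the question, both hosts in 192.168.0.x
    "mixed masks, same range": ("192.168.0.10/255.255.255.0",
                                "192.168.0.20/255.255.0.0"),
    # Same masks, but the /16 host sits outside the /24 range
    "mixed masks, different third octet": ("192.168.0.10/255.255.255.0",
                                           "192.168.5.20/255.255.0.0"),
    # The split suggested in the thread: same mask, different subnets
    "two separate /24 subnets": ("192.168.0.10/255.255.255.0",
                                 "192.168.1.20/255.255.255.0"),
}

if __name__ == "__main__":
    for name, (a_if, b_if) in CASES.items():
        print(f"{name}: {assess(a_if, b_if)}")
```

Only the last case yields non-overlapping networks with both hosts handing traffic to the gateway, which is the point where the firewall rule or second router mentioned in the thread can block it.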
:)   as long as you have a router between subnets, and no 'rules' to disallow the packets from going from one to another, then you cannot stop traffic...  I outlined an easy way to prevent this using consumer grade routers...   I agree that you might need some explanation on how subnetting works, the correct way to use subnets, along with proper creation of subnets..  The WAN ports effectively stop anyone 'reaching' beyond their own subnet..

I think the big problem you have here is using one consumer grade router, which will not allow you to use port filtering to stop the traffic...  Anyone connecting to one of the switchports, regardless of the subnet they are on will be able to access another subnet if the route is in place..
Do you have the access rights to the router? Since it's not yours I assume the owner would not want to give that out.
I still think we need to know more about the hardware that is being used here, for a start...  Router make and model, switches, etc....  If they are just consumer grade Linksys, Netgear, etc., then access rights really don't matter..  he will need to install additional devices to do what needs to be done..
microaideinc

ASKER

I think Fatal's suggestion is my best bet and I think I might already have what I need in place as far as hardware. The person sharing the internet has a combo DSL modem/router with 4 switchports. I already have a network connection running from one of those ports to a switchport on a Linksys wireless router in my client's office which is giving wireless access to their laptops. There is also an 8-port switch attached to my Linksys router for all the wired network computers. So if I plug the network connection from the business sharing their internet into my WAN port instead of one of the switchports in my Linksys router, is that all I need to do? And will I still have internet connectivity?
Correct...  unless you specifically forward a port on the Linksys to your internal network, then no one will be able to 'see' your LAN..  this is the same configuration I suggest to those that want to hide their subnet in Internet Cafes...  easy to do, and much less expensive than purchasing switches (CISCO) that allow for port filtering..

FE