Solved

Trying to separate networks by using different subnet masks

Posted on 2007-04-11
Last Modified: 2010-03-18
I have a client who is using internet access supplied by another tenant in their building. I'm trying to keep their networks hidden from one another. I have achieved this with other clients in the past by keeping them in the same scope to attach to the internet gateway router but putting them in different subnets. Right now my client cannot see any computers on the other tenant's network or even ping them, which is what I want. However, the other tenant who is sharing their internet can find computers on our network and they can ping us. The tenant sharing the internet is in the 192.168.0.1 scope with subnet mask 255.255.255.0. My client is in the same scope with a 255.255.0.0 subnet mask. Without any additional hardware, how do I lock down this network so as not to be seen?

 thanks
Question by:microaideinc
14 Comments
 
LVL 2

Expert Comment

by:mkurtzhals
ID: 18893370
What are the default gateways on the PCs?  If they are going to the same router then the router has a route in its table routing the two networks together.  That is where I would start.
0
 
LVL 8

Expert Comment

by:thur6165
ID: 18893376
You need to split them up like this.

192.168.0.0  255.255.255.0  <--subnet one
192.168.1.0  255.255.255.0  <-- subnet two

The way you have it one scope includes the other, but not the other way around.
0
 
LVL 8

Expert Comment

by:Here2Help
ID: 18893441
Hey.

I'm assuming your network clients are XP.

To simply 'hide' your clients from view, just turn on the Windows XP Firewall and disable pinging.
(Go to Start > Run > 'Firewall.cpl')
Go onto the 'Advanced' tab and under ICMP click the 'Settings' button and make sure all boxes are unchecked.

If you're using another firewall please state which one and I'll give you further help.
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 2000 total points
ID: 18894028
Well, you should really fix this at the router..  using different subnets will never stop anyone from accessing them if the routers have routes in their routing table...  What kind of router are you using?  If a Cisco router with switch that supports VLANs, then yes you can stop the traffic, but since you are using a shared access, I think you probably are not going to invest in such expensive equipment..  

Here is a suggestion:  Set up the main router attached to the WAN (internet), and connect a switchport to another router - WAN port, going to each subnet...    Since the WAN port will not allow incoming traffic, you effectively stop the other clients' access, unless you open a port...

WAN <--> Modem/Router <--> (WAN Port) Router (Switch Ports) <--> Router2 <--> Clients in Subnet 1
                                                   |
                                                Router 3 <--> Clients in Subnet 2

You can put as many Routers as you have Switchports and nothing downstream will be able to see anything past the WAN port on the next door router...   and you don't need expensive equipment.. Linksys Routers will do just fine..
                                                                                   
0
 
LVL 44

Expert Comment

by:zephyr_hex (Megan)
ID: 18894036
thur6165 has it right.
you want the same subnet mask, with different subnets.

if one subnet mask is 255.255.0.0 and the other is 255.255.255.0, but you are using the same subnet, you are not dividing the subnets.  one subnet includes the other.

you want to actually divide your subnets.
0
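An added example, not part of the original thread: a Python check of the point thur6165 and zephyr_hex make above, that 192.168.0.x with mask 255.255.255.0 and the same range with mask 255.255.0.0 are one overlapping network, so the mask alone hides nothing. The masks and the 192.168.0.0 / 192.168.1.0 split come from the posts; the host addresses and the names `on_link`, `compare` and `CASES` are constructed for illustration.

```python
import ipaddress

def on_link(src_if: str, dst_ip: str) -> bool:
    """True if a host configured as src_if (address/mask) treats dst_ip as
    local: it ARPs for it directly instead of sending to its default gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network

def compare(a_if: str, b_if: str) -> dict:
    """Relate two host configurations that share one physical segment."""
    a, b = ipaddress.ip_interface(a_if), ipaddress.ip_interface(b_if)
    return {
        "a_net": str(a.network),
        "b_net": str(b.network),
        "overlap": a.network.overlaps(b.network),       # same address space?
        "a_inside_b": a.network.subnet_of(b.network),   # one scope includes the other
        "a_on_link_to_b": on_link(a_if, str(b.ip)),
        "b_on_link_to_a": on_link(b_if, str(a.ip)),
    }

# Constructed host addresses; the masks are the ones given in the question.
CASES = {
    "question, both hosts in 192.168.0.x":
        ("192.168.0.10/255.255.255.0", "192.168.0.50/255.255.0.0"),
    "question, client elsewhere in the /16":
        ("192.168.0.10/255.255.255.0", "192.168.5.50/255.255.0.0"),
    "thur6165's split into two /24 subnets":
        ("192.168.0.10/255.255.255.0", "192.168.1.50/255.255.255.0"),
}

if __name__ == "__main__":
    for name, (tenant, client) in CASES.items():
        print(name)
        for key, value in compare(tenant, client).items():
            print(f"  {key}: {value}")
```

Only the third case puts the two hosts in non-overlapping networks, and even then every packet between them simply goes to the shared router, so isolation still depends on what that router forwards or blocks.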
 
LVL 44

Expert Comment

by:zephyr_hex (Megan)
ID: 18894063
i posted before seeing Fatal's suggestion.  it reminded me that if you do 2 different subnets (with the same subnet mask), you will want to create a rule in the firewall that prevents the traffic from crossing from one subnet to the other.

using additional routers (as Fatal has shown) would achieve the same thing.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 18894475
:)   as long as you have a router between subnets, and no 'rules' to disallow the packets from going from one to another, then you cannot stop traffic...  I outlined an easy way to prevent this using consumer grade routers...   I agree that you might need some explanation on how subnetting works, the correct way to use subnets, along with proper creation of subnets..  The WAN ports effectively stop anyone 'reaching' beyond their own subnet..  

I think the big problem you have here is using one consumer grade router, which will not allow you to use port filtering to stop the traffic...  Anyone connecting to one of the switchports, regardless of the subnet they are on will be able to access another subnet if the route is in place..
0
 
LVL 3

Expert Comment

by:Comply
ID: 18895003
Do you have the access rights to the router? Since it's not yours I assume the owner would not want to give that out.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 18897075
I still think we need to know more about the hardware that is being used here, for a start...  Router make and model, switches, etc....  If they are just consumer grade Linksys, Netgear, etc., then access rights really don't matter..  he will need to install additional devices to do what needs to be done..
0
 

Author Comment

by:microaideinc
ID: 18897438
I think Fatal's suggestion is my best bet and I think I might already have what I need in place as far as hardware. The person sharing the internet has a combo DSL modem/router with 4 switchports. I already have a network connection running from one of those ports to a switchport on a Linksys wireless router in my client's office which is giving wireless access to their laptops. There is also an 8 port switch attached to my Linksys router for all the wired network computers. So if I plug the network connection from the business sharing their internet into my WAN port instead of one of the switchports in my Linksys router, is that all I need to do? And will I still have internet connectivity?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 18902558
Correct...  unless you specifically forward a port on the Linksys to your internal network, then no one will be able to 'see' your LAN..  this is the same configuration I suggest to those that want to hide their subnet in Internet Cafes...  easy to do, and much less expensive than purchasing switches (CISCO) that allow for port filtering..

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 19758212
Thanks!
0


Question has a verified solution.
