Setting up a Win 7 network with WiFi WAN and hardware firewalled LAN

I guess I can configure laptop A to receive internet via WiFi and connect laptop B to that one to receive it's internet via ethernet. Can I insert a hardware firewall ahead of laptop B so that I can make it more secure? I guess that the connection coming out of laptop A would look like the connection coming out of a modem and therefore not be foreign to a hardware firewall designed to connect to a modem? If this all doable, what, specifically, would I have to do to configure laptop A and laptop B?
maxpiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

moorenetworkCommented:
Why not just use Windows firewall?  You can run the cable from laptop A to a firewall then to laptop B in which case you will probably be NAT'ing the connection

What are you trying to accomplish as the end goal?

Do you just want internet for laptop B?

Aaron
0
btanExec ConsultantCommented:
Sharing internet is possible through ICS — you only enable internet connection sharing on the adapter that is actually connected to the internet.  ICS should not be considered a firewall for security purposes though
http://windows.microsoft.com/en-sg/windows-vista/sharing-one-internet-connection-among-several-computers

if your AP (like Internet gateway device) has router and FW capability, why not leverage on the AP FW instead, having to go through another workstation may not be secure (you need to leave that machine A always on ...). Else the FW capability can be within the Router interconnecting the machines and do the standard VLAN and having the router being the gateway to ICS machine. of course using the Windows FW is good as well to control traffic to machine A and have it as proxy at browser internet option

this is a useful reference
http://technet.microsoft.com/en-us/library/cc700820.aspx#XSLTsection129121120120

Home and small office computers that are directly connected to the Internet require the added security of a firewall. The least expensive way to do this is to enable both ICF and ICS on a system, and allow all networked computers to connect through that system. You can enable ICS on only one Internet connection on your network, and you should protect this connection by enabling ICF. ICF can check only the communications that cross the Internet connection on which it’s enabled.

Other note -
ICS does not unbind File and Printer Sharing from the external adapter on the ICS computer. Dial-Up Networking (DUN) unbinds File and Printer Sharing from the dial-up adapter where Ethernet adapters (for DSL and cable-modem connections) do not unbind File and Printer Sharing by default. Ports 135 and 139 on the ICS computer are blocked by default on the external adapter to prevent remote computers on the Internet from gaining access to shares and printers on the local network. Blocking these ports does not affect the ICS computer's ability to share files and printers to other computers on the local area network (LAN). Unblocking these ports exposes the local network printers and shares to the Internet and is not recommended.
0
maxpiAuthor Commented:
I'm  purposing computer A for surfing the internet via a WiFi connection and computer B for connecting to a few specific institutions that I do business with. I'm putting a hardware firewall between them for url whitelisting. The question was really about whether the hardware firewall will work when it's WAN connection port is attached to computer A as apposed to when it's WAN connection is from the modem. I'm not going to share anything between the two computers other than the internet connection. The hardware firewall has no wifi capability and I have to use the setup sometimes where there is only WiFi capability thus the idea to get internet via WiFi and serve it to the hardware firewall via ethernet and then to computer B via ethernet.

I found that I could do whitelisting of url's with Win 7's firewall but it appears that it has to be done by blacklisting url's in huge swaths. It's a little hard to maintain that. The Unix firewall can be told to block everything and then exceptions can be added but apparently the Win7 firewall doesn't work that way with regard to url's.
0
btanExec ConsultantCommented:
Should be possible for the WAN connection...the configuration should need  the WAN to choose "Static IP" instead of "PPPoE" or "Automatic - DHCP". Windows firewall by default blocks all inbound traffic and allow outbound. Windows FW is not as good for in control flexibility.  Having said that it can block application too..but suggest yiu explore tinywall

http://tinywall.pados.hu
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.