?
Solved

How can I set up a split network at home?

Posted on 2014-08-06
11
Medium Priority
?
227 Views
Last Modified: 2014-10-03
I run a home based business and we have 3 computers for the business.  My problem is my wife and kids also have computers and they can see the business computers and access our share folders, obviously because they are on the same network.  I may be missing something simple but is there a way to kind of segregate the 3 business computers from the other home computers?  I am willing to buy equipment/software....I just don't know how to go about it.  Everyone is running Windows 7 Pro.

Thanks!
0
Comment
Question by:tchristman
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 40243501
You can use 2 (if the ISP will assign multiple IPs) or 3 routers to create an isolated network that share the same Internet connection.  I blogged a while back about how to do so with 3 different configurations.  You may find the article helpful.
http://blog.lan-tech.ca/2011/05/23/create-an-isolated-network-using-one-isp-connection-and-modem/
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40243503
You may wish to transfer data between systems at some point, so the simplest way is to secure the business computer with a user name and strong password. Do not share the drive on this machine and secure business folders so that only the necessary people can see them.

That way, the family might see the structure but they will not be able to access data at all.

The other way is to get a router for your business, hook up the WAN port of the router to a LAN port on your network. You should now get a different subnet on this router (you may wish to check the subnet addressing).

Now the business computer is divorced from the family and it is unlikely they could get in. Still secure the machine and the critical folders.
0
 
LVL 14

Accepted Solution

by:
frankhelk earned 2000 total points
ID: 40243504
Basically, you could just assign the separate network segments.

I.e. when you use

Family  192.168.110.0 mask 255.255.255.0
Biz        192.168.120.0 mask 255.255.255.0

(presumably with fixed IPs, and w/o DHCP) the two network segment's inhabitants won't see the inmates of the other segment, even while sharing the same physical net. It would be a little bit tricky to give both of them internet access at the same DSL box, but that's possible at least if you use a box which could be configured for two separate IPs on one network port -or you could use some old PC as router to the DSL box. It should be configured to connect to the two separated networks w/o routing between them.

You could even set up an additional network segment for shared devices (i.e. a printer), fur which you set up routes into the shared net with i.e. 192.168.130.0 mask 255.255.255.0 (even on the same hardware network). In the latter case you'll need some old PC to route from the separated nets into the shared seegment.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40243506
There are two options.

1.) Build a Ubuntu Server with two networkcards as a router
So your business has a different subnet then your private ones. Your corporate for example 192.168.0.0 and your private 192.168.1.0
manual: http://blog.philippklaus.de/2011/01/private-subnet-with-ubuntu-as-router/
2.) Build a domain with a active directory server
then you can decide who can see what and how to access. But this is for a so small enviroment too big.
0
 
LVL 16

Expert Comment

by:joinaunion
ID: 40244625
I agree to secondary wireless router.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40245480
There's no need for separate physical networks ... with the configuration as lined out above the networks would be logically separated. That would be simple and needs no additional hardware.

If one of your stations is allowed to play in all networks and be capable as router, you could even use a very simple scenario with exactly ONE physical network:

Use the following IP cofiguration:

Family i.e. 192.168.110.0 mask 255.255.255.0
            for all stations of the family

Biz       i.e. 192.168.120.0 mask 255.255.255.0
            for all stations of the business

Tool     i.e. 192.168.130.0 mask 255.255.255.0
            for all shared ressources like the DSL router,
            printer, NAS for all, etc.

All stations are connected to the same physical network, and the common station is confiured with 3 IP addresses on its network card. The common station needs to be configured as router (maybe with a firewall software) and allows routing for

Family <-> Tool
Biz <-> Tool

That's all.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 40245895
@frankhelk
Though that is possible I don't think I would call it simple.  You would need to provide details for the author as to how to enable routing which is disabled on a PC by default, configure static routes since ICS will not work with manually assigned subnets or more than 2, configure static IPs for devices not on the DSL subnet so no DHCP, define default gateways -the PC, and configure firewall rules.
0
 

Author Comment

by:tchristman
ID: 40246467
I'm not positive Comcast will assign multiple IPs to home customers.  If I were to switch around the IPs can you outline for me exactly how I would do that?

Thanks!
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 40246520
>>"I'm not positive Comcast will assign multiple IPs to home customers."
Many ISP's do not offer multiple IP's but it works if you are a DHCP client.
The link I provided gives you 2 other options and details as to how to do so with a single IP>
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40246810
You don't need more IPs from your ISP. Usually DSL boxes will use NAT, which means they use only one IP assigned by the ISP and create a private subnet on the private side. All connections share the ISP assigned IP address, which means all connections look like originating from the ISP assigned IP address (and the DSL router translates them for the private net ... therefore the term NAT (network address translation)). That way a couple of stations (PCs, handies, webcams, IoT appliances, etc.) can share a single DSL connection. I presume your DLS router already works like that.

You could leave DHCP active on the DSL box, but you'll have to ensure your stati IP addresses don't collide with the DHCP addresses. You'll have to assign proper, unique IP addresses out of the private range (as I lined out before, even for the DSL box inner side). This would have to be planned in advance and be done manual on the affected PCs in the respective OS network settings dialog. I.e.

192.168.110.1 Common PC 1st address on network card
192.168.120.1 Common PC 2nd address on network card
192.168.130.1 Common PC 3rd address on network card

192.168.110.2 Family PC 1
192.168.110.3 Family PC 2
192.168.110.4 Family PC 3
(...)

192.168.120.2 Biz PC 1
192.168.120.3 Biz PC 2
192.168.120.4 Biz PC 3
(...)

192.168.130.2 DSL box inner side
192.168.130.3 Printer
192.168.130.4 shared NAS
(...)

Afterwards you'll disable the DHCP serice on the DSL box.

The seutp of a router service could be possibly omitted if the common devices (printer and shared NAS in my example) are capable of using more than one IP address on their network port (or have more than one). In that case you could just set up a proxy program on the common PC that manages the surfing - I see no other use for routing in your case. There are free (simple) proxy server programs around for D/L.
0
 
LVL 16

Expert Comment

by:joinaunion
ID: 40246961
Well the easiest thing to do is go on there computers and turn off network discovery.

Open up network and sharing on the left. Click on change advanced sharing settings. Select to turn off network discovery and any other items you want off.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question