Setting up a secure LAN with a cable modem

[cjuby]

What I'm looking to do is allow file and print sharing on my home LAN that is connected to a cable modem, but make it secure.

My current setup is a RR Cable Modem connected to a Linksys Switch with 3 PC's connected to the Switch. Two PC's are running Windows ME, and the third WinXP. All are currently running ZoneAlarm Pro.

Through RR (Road Runner) I'm receiving 3 IP addresses, so each of the PC's has an un-masked IP address. The problem here is that they are internet addressable and with that comes all of the security problems. I need the 3 IP's so that I can simultaneously run some gamming software on each of the PC's.

I want to be able to turn on file an print sharing, but only allow my PC's to have access too it. I would be willing to get a router and put that in-between the cable modem and the switch, it that would allow me to do what I want, however I'm not for sure if this will solve my problem. I know that the Linksys cable routers will not do what I want because they only allow one incoming IP and not 3.

Does anyone have any ideas on a solution?

[aileron172]

Unbind file and print sharing from tcp/ip. Install NetBeiu bind file and print sharing to NetBeiu. TCP/IP is a routable protocol NetBeiu is not. This set up will work good on a small home network.

Bryan

[cjuby]

The problem with NetBEUI is that WinXP does not support it. When I was running all WinME PC's that is how I had my network setup.

At this point none of my Win Me PC's can connect to my XP box and my XP box cannot connect to my Win ME.

I played around with my settings this evening and got no where. I tried using a Guest account on the XP box and event set it up so that if no account information was received by XP that is would automatically use the Guest account. Still to no avail.

[twwabw]

Originally posted by cjuby
The problem with NetBEUI is that WinXP does not support it.

Sure it does- you just have to hunt for it. Here's where to find it on your XP cd.

[cobra25]

install a firewall...

[cjuby]

Excellent, I will have to give NETBUI a try tonight.

Thanks

[YeOldeStonecat]

I'm a big fan of using NetBEUI for the LAN, leaving TCP/IP unbound to networking services, but that's secure from behind a router...since NetBEUI is not routable, and TCP/IP is.

But he's using 3 WAN IP's coming in through a switch. Err...NetBEUI will indeed be going out the switch. If I'm not mistaking, the way cable is setup, each node is setup behind a T-3...which I "think" is routed right there. If so, he's still totally naked to his node.

[twwabw]

If so, he's still totally naked to his node.

I agree- I think he is too.

[JmE]

If you really wish to be secure, this is what I would do...

2 NICs per PC and 2 switches total.

TCP bound to the internet NIC and NETBUI bound to the other in each PC.

All TCP NICs on on switch connected to the cable modem and All NETBUI NICs connected to the other switch. Two seperate segments.

You will surf off of one NIC and share off of the other.

I do think that should make it pretty secure.

-JmE-

[Sid]

If your worried about security then I gonna say three words to ya.

Linux router project

It WILL handle your needs! Not easy to setup and only one IP is required.

Hardware routers are kick butt but if security is what you want then linux router will do what they won't.

[YeOldeStonecat]

Originally posted by -JmE-
If you really wish to be secure, this is what I would do...

2 NICs per PC and 2 switches total.

TCP bound to the internet NIC and NETBUI bound to the other in each PC.

All TCP NICs on on switch connected to the cable modem and All NETBUI NICs connected to the other switch. Two seperate segments.

You will surf off of one NIC and share off of the other.

I do think that should make it pretty secure.

-JmE-

You're still wide open until you play with your bindings.....as by default Windoze will bind client and sharing services to both NICs and both protocols. Once you unbind the services from the TCP/IP NIC, you'd be safe. But most computers these days are so stuffed with their resources and IRQs already, it's often tough getting a single NIC in there properly without disabling some devices, not to mention two NICs. And by properly installed NICs, I mean what I'd see, and most people wouldn't see, resource sharing that causes occasional lockups, once in a while blue screens, or prevents your computer from shutting down properly.

[JmE]

Originally posted by YeOldeStonecat


You're still wide open until you play with your bindings.....as by default Windoze will bind client and sharing services to both NICs and both protocols. Once you unbind the services from the TCP/IP NIC, you'd be safe. But most computers these days are so stuffed with their resources and IRQs already, it's often tough getting a single NIC in there properly without disabling some devices, not to mention two NICs. And by properly installed NICs, I mean what I'd see, and most people wouldn't see, resource sharing that causes occasional lockups, once in a while blue screens, or prevents your computer from shutting down properly.

As always, you are certainly correct.

My post, however, was in addition to seperating the bindings...

Additionally, I was giving an alternative as it appeared that the poster wished to keep his 3 provider IP addresses. Agreed that the IRQ problem is a pain, however, the setup I described is what I am running right now. I have been running it for a while.

It wasn't a picnic to set it up, however, once set up correctly, no blue screens, lockups, etc... and I have all the slots filled on the MB. My point is that it can be done with a little patience.

-JmE-

BTW: I have the 2 NICs, 2 3D video cards w/ monitors, TV/FM tuner, modem, desktop IR, 3 cameras (1 USB, 1 parallel, 1 composite), sound card, USB scanner, barcode reader, serial GPS device, serial PDA cradle, 1 HD, 1 LS-120, 1 CD Burner, 1 CDROM, external Parallel HD, printer, and perhaps more... all running on my system with nothing disabled and no extrodinary measures taken to install them or run them. Everthing is well behaved, no "!" anywhere in control panel, rock solid performance, no BSD, no exception errors, and always (my wife hates it, 'cause hers won't) shutdown within a few seconds.

[twwabw]

Originally posted by -JmE-


, no BSD, no exception errors, and always (my wife hates it, 'cause hers won't) shutdown within a few seconds.

Must be NT or 2000 !!

[JmE]

Originally posted by twwabw


Must be NT or 2000 !!

Believe it or not... Win98SE!



-JmE-

[YeOldeStonecat]

Still a fan of 98SE myself....as JmE says, with patience, and knowing how to build it right.....it won't blue screen on you. Honestly I never really had a problem with 98 first edition, or ever 95. My 98 box gets rebooted say....twice a month...for virus definition updates. Otherwise, up and runnning 24/7, overclocked and all....

It's all in how well you build it. Win2K is more tolerant of impatient builders.