A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

Mid-LAN router/firewall recommendation



 
 
Thread Tools Display Modes
  #1  
Old December 15th 04, 10:55 PM posted to uk.comp.home-networking
Drew M
external usenet poster
 
Posts: 3
Default Mid-LAN router/firewall recommendation

My parents live in the same building as their workplace (a school), and
are having an ethernet cable poked through the wall to their apartment
so they can access the school LAN and internet connection.

They currently have two Windows XP machines and a basic hub. I'm of the
opinion that they should treat the connection to the school LAN as
untrusted, and therefore should use a similar NAT router and firewall to
that commonly used for an ADSL line.

The requirements a

1) should not allow incoming connections by default
2) should work with standard DHCP from the school LAN
3) should enable the two machines to authenticate against the school's
Windows domain controllers
4) should allow access to the school LAN
5) should allow access to internet via a gateway on the school LAN

Any suggestions for a device to tackle this job?


drew.
  #2  
Old December 15th 04, 11:50 PM posted to uk.comp.home-networking
Alex Fraser
external usenet poster
 
Posts: 553
Default Mid-LAN router/firewall recommendation

"Drew M" wrote in message
.. .
My parents live in the same building as their workplace (a school), and
are having an ethernet cable poked through the wall to their apartment
so they can access the school LAN and internet connection.

They currently have two Windows XP machines and a basic hub. I'm of the
opinion that they should treat the connection to the school LAN as
untrusted, and therefore should use a similar NAT router and firewall to
that commonly used for an ADSL line.

The requirements a

1) should not allow incoming connections by default
2) should work with standard DHCP from the school LAN
3) should enable the two machines to authenticate against the school's
Windows domain controllers
4) should allow access to the school LAN
5) should allow access to internet via a gateway on the school LAN

Any suggestions for a device to tackle this job?


AFAIK, you're implied requirement for NAT and the requirement for access to
the school LAN are mutually exclusive. If I'm wrong, any cable router will
do the job, but otherwise the simplest solution is a carefully configured
firewall on the machines themselves (plus the hub).

Alex


  #3  
Old December 16th 04, 09:12 AM posted to uk.comp.home-networking
Dave J
external usenet poster
 
Posts: 321
Default Mid-LAN router/firewall recommendation

In within uk.comp.home-networking,
'Alex Fraser' wrote:

The requirements a

1) should not allow incoming connections by default
2) should work with standard DHCP from the school LAN
3) should enable the two machines to authenticate against the school's
Windows domain controllers
4) should allow access to the school LAN
5) should allow access to internet via a gateway on the school LAN

Any suggestions for a device to tackle this job?


AFAIK, you're implied requirement for NAT and the requirement for access to
the school LAN are mutually exclusive. If I'm wrong, any cable router will
do the job, but otherwise the simplest solution is a carefully configured
firewall on the machines themselves (plus the hub).


I wonder if you're right there, I cannot see a problem with setting the
private computers up on a different private subnet to the school network,
and natting between the two. As far as the school is concerned all traffic
comes from the external IP of the NAT, with his (Alex's) network hidden
behind it.

You wouldn't use a 'cable' router, you'd use a normal (non-modemed) one.

Local (per-machine s/w) firewalls would still be relevant, as you'd want
outgoing protection from any rougue software.

(To the Orig Poster)

I may well be wrong, but if so I'll be interested to find out how.

The only bit I know nothing about is automatic authentication on the
school's domain controllers, personally I would try to set up a local
machine to do the job exactly as you would if it was the only machine on
the link, the school only sees one IP (the 'external' NAT IP on the
router) so anything sending the right codes will authenticate that IP.
That said, it may well be that there are routers that will do the job for
you.

Hope it's helpful, someone will be along shortly to confirm or refute..

Dave J. (Breaking lurk early)
  #4  
Old December 16th 04, 10:01 AM posted to uk.comp.home-networking
lurch
external usenet poster
 
Posts: 498
Default Mid-LAN router/firewall recommendation

On Thu, 16 Dec 2004 09:12:45 +0000, Dave J strung
together this:

You wouldn't use a 'cable' router, you'd use a normal (non-modemed) one.

Same thing.
--

SJW
Please reply to group or use 'usenet' in email subject
  #5  
Old December 16th 04, 10:59 AM posted to uk.comp.home-networking
Alex Fraser
external usenet poster
 
Posts: 553
Default Mid-LAN router/firewall recommendation

"Dave J" wrote in message
...
In within uk.comp.home-networking,
'Alex Fraser' wrote:
AFAIK, you're implied requirement for NAT and the requirement for access
to the school LAN are mutually exclusive. If I'm wrong, any cable router
will do the job, but otherwise the simplest solution is a carefully
configured firewall on the machines themselves (plus the hub).


I wonder if you're right there, I cannot see a problem with setting the
private computers up on a different private subnet to the school network,
and natting between the two.


The suspicion I had in mind was that the school machines (servers) may try
to initiate communication in some circumstances, which NAT would naturally
make impossible unless you configured port forwarding, and even then it
would only work for one machine.

You wouldn't use a 'cable' router, you'd use a normal (non-modemed) one.


Routers used with cable (ie cable routers) do not have a modem. I should
have been more clear.

Local (per-machine s/w) firewalls would still be relevant, as you'd want
outgoing protection from any rougue software.


Yes, good point.


  #6  
Old December 16th 04, 11:51 AM posted to uk.comp.home-networking
Dave J
external usenet poster
 
Posts: 321
Default Mid-LAN router/firewall recommendation

In within
uk.comp.home-networking, 'Lurch' wrote:

3) should enable the two machines to authenticate against the school's
Windows domain controllers


I was thinking something similar, 1,2,4+5 seem easy enough with any
decent NAT router but 3 needs a bit of thought.


What's the deal with authentication against domain controllers?
If there's a main machine, is there a problem with letting it authenticate
normally via the NAT? Is there a broadcast issue?

--
Dave Johnson -
  #7  
Old December 16th 04, 02:21 PM posted to uk.comp.home-networking
Ernest Bilko
external usenet poster
 
Posts: 21
Default Mid-LAN router/firewall recommendation

Lurch wrote:
On Wed, 15 Dec 2004 23:50:24 -0000, "Alex Fraser"
strung together this:


The requirements a

1) should not allow incoming connections by default
2) should work with standard DHCP from the school LAN
3) should enable the two machines to authenticate against the school's
Windows domain controllers
4) should allow access to the school LAN
5) should allow access to internet via a gateway on the school LAN

Any suggestions for a device to tackle this job?


AFAIK, you're implied requirement for NAT and the requirement for access to
the school LAN are mutually exclusive. If I'm wrong, any cable router will
do the job, but otherwise the simplest solution is a carefully configured
firewall on the machines themselves (plus the hub).


I was thinking something similar, 1,2,4+5 seem easy enough with any
decent NAT router but 3 needs a bit of thought.


I was going to sugest using IPCop but the more I look at it the more
it looks like case for firewalling at pc level, for authentication make
holes that are filtered by IP number protocol and port.
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Router recommendation for NTL with VPN Rob S uk.telecom.broadband (UK broadband) 5 March 23rd 05 10:26 PM
AOL Wireless Router Recommendation Robin Grayson uk.telecom.broadband (UK broadband) 10 October 6th 04 11:35 PM
Wireless Router recommendation Nimrod uk.telecom.broadband (UK broadband) 8 October 2nd 04 10:35 PM
need a router recommendation Alan uk.telecom.broadband (UK broadband) 4 October 2nd 04 11:20 AM
ADSL router recommendation Scooby Doo uk.telecom.broadband (UK broadband) 15 February 16th 04 07:05 PM


All times are GMT +1. The time now is 06:20 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2020 BroadbanterBanter.
The comments are property of their posters.