Fairly complex network, need some help

[Alex Marshall]

Hey all,

I'm going to be setting up a fairly complex network in my house because of
certain needs. Here's what's going to happen:

I have broadband internet. I'm going to set up one computer as a dedicated
firewall / server computer, call it Firewall. Firewall has two NICs, one to
connect to the ISP (Net NIC), the other to connect to a WAN port on a router
I own (LAN NIC). Connecting to the LAN ports on my router are the other 3
computers in my house: 2 desktops and a laptop (call these LAN group). I
want LAN Group to be able to play games / share files with each other, and
still get their internet access through the router, which in turn goes
through Firewall. Any ideas as to how i can set this up? Any help is
appreciated. TIA.

Alex Marshall

 

[Steve Winograd [MVP]]

Hey all,

I'm going to be setting up a fairly complex network in my house because of
certain needs. Here's what's going to happen:

I have broadband internet. I'm going to set up one computer as a dedicated
firewall / server computer, call it Firewall. Firewall has two NICs, one to
connect to the ISP (Net NIC), the other to connect to a WAN port on a router
I own (LAN NIC). Connecting to the LAN ports on my router are the other 3
computers in my house: 2 desktops and a laptop (call these LAN group). I
want LAN Group to be able to play games / share files with each other, and
still get their internet access through the router, which in turn goes
through Firewall. Any ideas as to how i can set this up? Any help is
appreciated. TIA.

Alex Marshall

I think that your plan will work, provided that you:

1. Enable Internet Connection Sharing on Firewall's Net NIC
connection.

2. Connect Firewall's LAN NIC to the router's WAN port with a
crossover cable, not a regular cable.

3. Leave Firewall running and connected to the Internet at all times
that the LAN Group wants Internet access.

I'd also recommend enabling XP's Internet Connection Firewall on the
Net NIC connection.

I don't know what "certain needs" you have, but here's what I see the
plan accomplishing:

1. Allow the LAN Group to play games / share files with each other.

2. Prevent the LAN Group from accessing files on Firewall, and vice
versa.

3. Allow you to cut off Internet access by the LAN Group (by disabling
ICS on Firewall or by turning off the router) while still accessing
the Internet yourself from Firewall.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Alex Marshall]

Thank-you very much for your response Steve. I've done pretty much what
you've told me. I knew that at some point a crossover cable was likely to
be required, just not quite where. After configuring the network as you've
instructed, it still doesn't work. Neither ICS nor bridging my two cards
will work. Any other suggestions? I'm very grateful for any you could put
forth.

Alex Marshall

 

[Steve Winograd [MVP]]

Thank-you very much for your response Steve. I've done pretty much what
you've told me. I knew that at some point a crossover cable was likely to
be required, just not quite where. After configuring the network as you've
instructed, it still doesn't work. Neither ICS nor bridging my two cards
will work. Any other suggestions? I'm very grateful for any you could put
forth.

Alex Marshall

I'm sorry, Alex, but I don't have enough information to say what's
wrong. Please give full details of what "its still doesn't work"
means. Describe how you've connected everything, what works, what
doesn't work, what you've tried to fix the problem, etc.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Steve Winograd [MVP]]

Right, fair enough. From my cable modem, i have a ordinary cable running
into Net NIC on Firewall. From Firewall, I have crossover cable running
into my router's WAN port. Going into the LAN ports on the router are the
NICs from the computers in LAN group. Here's a kind of diagram:
__________
| Internet |
|
| (Firewall's Net NIC
connecting to the cable modem)
| Firewall |
| ( Firewall's LAN
NIC going, through crossover cable, to
| the WAN port on
the router )
| Router |
/ | \
Desktop1 Desktop 2 Laptop

When I go to configure the network connections, I have Net NICs connection
set to share internet access, and I leave LAN NIC's connection as a
connection with default settings. (As a side note, all software firewalls
are turned off. While I think about this, I haven't disable the hardware
firewall in my router) This config doesn't work. When I turn off ICS on
Net NIC and then bridge the connections between Net NIC and LAN NIC, this
doesn't work either. I'm not sure how much more in the way of details I can
give you. Is this simply a matter of having to set static IPs in the TCP/IP
config for LAN NIC maybe?

Alex Marshall

Thanks for the picture, Alex. But, you still haven't said much more
than "This config doesn't work". Without more information, I don't
see how anyone can help. We need details!

WHAT doesn't work? What are you trying to do? How are you trying to
do it? What exactly happens when you do it? What is the complete
text of all error messages?

What does the router show for its WAN and LAN TCP/IP configuration?

What does each LAN Group computer show for its TCP/IP configuration?

Can the LAN Group computers ping themselves? Each other? The router?
The ICS host? The Internet?

I spent a lot of time reviewing your planned setup and commenting on
it. I'll be happy to spend more time if you devote the necessary time
and effort, too.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Alex Marshall]

I do want to keep this up, but I have to go to work. I'll get back to you
in about 8 hours. Thx for your patience.

Alex Marshall

 

[Alex Marshall]

What does the router show for its WAN and LAN TCP/IP configuration?
Right now I've set the IP on Firewall's NIC card to 192.168.0.1. As a
side node, I have an SMC 7004ABR router. The router's LAN configuration is
as follows:
IP address: 192.168.2.1
IP subnet mask: 255.255.255.0
DHCP Server: enabled
IP address pool: 192.168.2.2 through 192.168.2.40
Domain name: MSHOME
The router's WAN config is as follows:
IP: ISP assigns you a static ISP address
Fixed IP settings
IP address assigned by ISP: 192.168.0.2
Subnet mask: (which i'm guessing is causing some sort of problem)
255.255.255.0
ISP's Gateway Address: 192.168.0.1 (see second line of this post)

What does each LAN Group computer show for its TCP/IP configuration?

They're ALL set to automatically obtain an IP address, nothing special.
They all have default settings.

Can the LAN Group computers ping themselves? Each other? The router?
The ICS host? The Internet?

They can ping themselves, each other and the router. As things are set up,
they can also ping 192.168.0.1 (Firewall's LAN NIC ip) and 192.168.0.2.(the
router's "ISP Assigned" IP) However,
they CAN NOT ping the internet.

Now, when I'm looking at the two connections in "Network Connections" and I
leave both of them unshared, unbridged, I get no error messages of any kind.
LAN group can't ping the internet, but they can still ping everything else.
However, when I try to enable ICS on Firewall's NET NIC connection, I get a
warning message saying roughly "doing this may cause your LAN connection
settings to be set to an IP of 192.168.0.1". If I enable ICS on NET NIC, I
still don't get any error messages, but now LAN group can neither access the
internet nor can it even ping 192.168.0.1 or 192.168.0.2. If instead of
enabling ICS, I set up a network bridge between LAN NIC and NET NIC, same
thing happens, but without the warning message "doing this....".

Hope that helps.

Alex Marshall