Networking at the office

[Guest]

Hi everybody! In advance, thank you for your time!
Ok, the situation is this, my dad recentely bought a new server - SBS2003, a
Router SpeedTouch580 for ADSL access and a Linksys wrt54G router for wireless
access.
He wants to have this configured by the people who sold him the equipment
but they are always busy...
So, the server is up and runing, no DHCP, the IP's are manually created, 2
users only. The thing is, he wants to provide free wireless access to clients
thru the Linksys router BUT without permiting them to access the internal
network.
I've messed around and got this info:
The ip on the adsl modem is an internal one.
It is not configured to DHCP.
How do i configure the linksys (very confusing admin console btw!!!) to
allow clients to access the internet without them seeing our documents?
I don't understand the menu on this thing, so if any of you kind technology
blessed people came accross something like this or know how to do it, i'd
love to hear from you!
And you're welcome at our free hotspot!
Thank you once again!

 

[Steven L Umbach]

I am pretty familiar with the WRT54G and don't believe there is any setting
that can do what you want. A couple of options I can think of are.

Get a DSL package with multiple static public IPs. Out where I am that is
very common and usually Netopia modem/gateways are installed by the ISP
where then you can connect one router for your internet LAN that is assigned
one public IP and then the wireless router would use another public IP and
they would be isolated as far as your LAN is concerned.

Another option is to use a wireless router that can isolate wireless and the
LAN. I know the Sonicwall TZ150 wireless can do that as it can be setup in
the guest wireless access mode. This router is usually around $325 and
though your initial investment would be higher it would save money over the
long run compared to business class DSL with static IPs if you do not need
them for any other purpose and it is a much more robust and featured device
than the Linksys. Also I believe you will find Sonicwall support quite a bit
better than Linksys if you needed help setting it up.

Steve

http://www.newegg.com/Product/Product.aspx?Item=N82E16833339002 --- TZ150
wireless

 

[Guest]

The proper way to do this is to use two routers in a double-NAT arangement,
basically

Internet-Router1-Public Access-Router2-Private LAN

The public and private LANs need to have separate IP subnets, for example
make one 10-series and the other 192-series.

Router1 is a DSL router, Router2 is a pure Ethernet router such as used on
cable Internet systems.

This is relatively secure as any given computer can only see 'up the pipe'
and not downward. It does make things more complex if you need port
forwarding or a DMZ, though.

The other option, less secure, is to put a good firewall on the server, and
restrict netbios access to specified IPs only. Provided the genuine
client-computers are running, any attempt to duplicate a trusted IP will
result in an error and no connection. While this kind of setup may be
acceptable for use by site-visitors, if it's a genuinely public system then
I'd be inclined to go for double-NAT.