tag:ask-leo.com,2011://3/tag:ask-leo.com,2008://3.3371- 2011-12-01T07:02:38Z Comments for How do I protect users on my network from each other? Movable Type 4.32-en tag:ask-leo.com,2008://3.3371-comment:61883 Comment from Alex on 2011-11-23 Alex http://unspecified Leo, thank you very much for explaining that very clearly - I've understood the concept, but how do you actually (physically) connect one router to another one?
I've got my main router "2wire 2701hgv" (that is connected to the telephone line - broadband) and would like to place one of my laptops behind the second router "2wire 2700hgv" the way you suggested in this article. However, the problem I see is:
- you connect a telephone line cable to the first (main) router's port (lets call it "main router in") - that's simple and quite straight forward as the relevant cable is supplied with the router, and then, which port on it (lets call it "main router out") and what sort of cable do I have to use in order to connect to the second router (lets call it "second router in")?
As far as I understand, I'm supposed to connect main router's "out" (which is one of the 4 available Ethernet ports) to the second router's "in" (which is a telephone line "in" port), and that's exactly where the confusion kicks in - what sort of cable to use? Main router's "out" is an Ethernet port, but the second router's "in" is a standard telephone line port so a regular Ethernet cable (neither a telephone line one) that have the same jacks on either end would not do.
Thank you.

If your router has a telephone line in, then it's not just a router - it's a modem/router. A true router would have a network connection (often labeled WAN) for its input.
Leo
24-Nov-2011
]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2011.

 2011-11-23T23:51:03Z tag:ask-leo.com,2008://3.3371-comment:53171 Comment from DaveVM on 2010-12-24 DaveVM Leo,

About the double NAT issue, what if the NAT were turned off on the router connected to the ISP and the other routers had NAT on?

Would that stop the double NAT and preclude having to do the double router port forward jobs and so forth?

Just wondering.

Dave

There may be other details at play (for example will your ISP give you more than one IP address with NAT off?), but in concept: yes.
Leo
25-Dec-2010

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-12-24T19:33:32Z tag:ask-leo.com,2008://3.3371-comment:53140 Comment from Alan on 2010-12-22 Alan Thanks Leo! Your reply is appreciated.

I learned that my Airport Extreme router has a guest network feature that splits the LAN into 2 VLANS's, which are on separate IP's & have different WPA passwords. This would seem to do the trick but I am not convinced of the security.

I am having trouble w/ the set-up you described with double NAT being reported by the Airport, but we'll see...

The guest network sure is the easier softer way!

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-12-22T23:07:03Z tag:ask-leo.com,2008://3.3371-comment:53038 Comment from Alan on 2010-12-19 Alan Hi & thanks for the article!

Instead of the configuration- modem--> internet router-->router 1(network 1) & router 2(network 2),

would the following operate the same?

modem-->router 1(network 1) -->router 2(network 2)

In other words, run the 2nd network off of the other network's router....hmmm?

Thanks!

That doesn't protect everyone from each other. That only protects the computers connected to router 2 from the computers on router 1, and not the reverse.
Leo
20-Dec-2010

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-12-19T17:30:50Z tag:ask-leo.com,2008://3.3371-comment:49277 Comment from neil manaog on 2010-08-07 neil manaog is it possible to connect from provider to modem to router to hub then to another router again?????

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-08-08T06:41:27Z tag:ask-leo.com,2008://3.3371-comment:49276 Comment from Anonymous on 2010-08-07 Anonymous http://unspecified is it possible to connect from provider to modem to router to hub then to another router again?????
Possible: certainly. Is it what you need or want? I have no idea.
Leo
09-Aug-2010

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-08-08T06:40:32Z tag:ask-leo.com,2008://3.3371-comment:43413 Comment from Bob on 2010-02-17 Bob How do I ensure that a particular router has "AP isolation" (a.k.a. "client isolation"). And how do I determine that any particular hub meets the requirements for isolating one tenant from another?

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

 2010-02-17T22:43:05Z tag:ask-leo.com,2008://3.3371-comment:31833 Comment from John on 2008-06-04 John Thanks for everyone's comments about my previous post. After more thought, I realized that having all the computers connected to one router (without additional routers to protect each computer) is actually justified because that is no worse than everyone having their own DSL connection; whether their computers communicate across the intranet set up by the router, or whether they communicate across the internet via each having their own DSL connection, it is virtually the same thing. The only difference is when they are connected via the internet by DSL modems, they are not vulnerable to ARP poisoning intranet attacks that could happen on the router WLAN. So I don't think it is the landlord's responsibility to shield them from each other when it is the same thing if they have their own DSL connection. The tenents must be responsible for their own safety.

But I came across what may be a perfect solution for this scenario. I'm not sure which other routers have this option, but the Linksys WRT54G that I use has an advanced wireless setting called "AP isolation", that when turned on, prevents the computers on the WLAN from communicating with each other (while still allowing each of them to communicate with the router). That would isolate all the computers from each other and there would be no need to buy additional routers. What do you think, Leo? Seems like this is just the right solution for the scenario described in your article.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-06-05T01:35:01Z tag:ask-leo.com,2008://3.3371-comment:31832 Comment from Leo on 2008-05-10 Leo -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shreyas: please re-read my earlier response in comments to a
similar objection. This scenario is NOT your home. It's a
landlord or other situation where he has NO control over all
the computers involved. If everyone could be *guaranteed* to
install and use a software firewall, that would be a fine
approach. You simply *cannot* make that guarantee.

Thanks,

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIJeAvCMEe9B/8oqERAqy1AJ9BRiS82LGjS7sWc2ZepQBAb4a9rgCggRm4
zgLL2Z2f37qh+3WU9DkJPbk=
=dWII
-----END PGP SIGNATURE-----

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-10T17:49:41Z tag:ask-leo.com,2008://3.3371-comment:31831 Comment from Leo on 2008-05-10 Leo -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Amjad: Turning off File and Printer Sharing is NOT secure.
Without a firewall you would still be at risk of malicious
attacks and vulnerabilities.

Thanks,

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIJd+3CMEe9B/8oqERAj9FAJ0Rb0EsmiMsPMnrPtfUCzaBaFs+kwCeMzZs
V2QRknlcw3nk5e7xokzLpXE=
=uw3Y
-----END PGP SIGNATURE-----

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-10T17:47:42Z tag:ask-leo.com,2008://3.3371-comment:31830 Comment from Shreyas on 2008-05-08 Shreyas http://unspecified Even I think this solution is an overkill, Leo. A good firewall software can keep you safe 99% of the time. Just for the rest 1%, why would you put so many more dollars in buying other routers?

And as you pointed out, this will interfere with p2p softwares, causing troubles. A good solution could be, know your tenants well!

Another thing we are forgetting here is that the second level routers need to have a 'wired' connection with the main router! In most cases, this won't be possible. I don't think any landlord should wire up his apartment just so that he can give a 100% internet security to his tenants.

The money equation just doesnt work here.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-08T14:23:20Z tag:ask-leo.com,2008://3.3371-comment:31829 Comment from Amjad Yusuf on 2008-05-07 Amjad Yusuf http://unspecified I don’t know why you guys are making short story too long. Simple solution for this scenario is just remove the tick mark ‘File And Printer Sharing For Microsoft Network’ under Local Area Connection Properties.And see, nobody can access your machine.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-08T06:20:52Z tag:ask-leo.com,2008://3.3371-comment:31828 Comment from Brent on 2008-05-07 Brent The fatal flaw in John's view is not taking into account the scope of things. As already pointed out, we are talking about a network with MANY users (ie tennant rooms) that we want to assume no level of trust among them.

The problem with software firewalls is that they can be disabled fairly easily, even accidentally by...shall we say "less than informed" computer users. So basically with a software firewall approach you can urge your tennants to use them but you can never be 100% sure they are using them and using them correctly.

So to sum up, Leo's multiple router approach is very good advice for the given situation.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-07T13:49:46Z tag:ask-leo.com,2008://3.3371-comment:31827 Comment from Leo on 2008-05-06 Leo -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As Jeffrey pointed out, I'm not suggesting this for a home
scenario, or for any scenario where you have control over
all the computers. This is specifically for distribution of
an internet connection to users/computers/whomever over
which you have little or no control.

In *some cases* it might be appropriate for the home:
particularly if you have children or house guests whose
usage you cannot trust.

But if you can trust all the computers behind your single
router, then absolutely a single router is the way to go.
It's how I run here.

But I'm no landlord :-).

Thanks,

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIIM5uCMEe9B/8oqERAlITAKCMN52F6XhQb4WlwOOqJRBJPMku8ACdGGPB
mY9nKthb1ba9ka7D06FxUHM=
=NVC0
-----END PGP SIGNATURE-----

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-06T21:32:37Z tag:ask-leo.com,2008://3.3371-comment:31826 Comment from jeffrey on 2008-05-06 jeffrey In regards to John's comment, that is correct if it were just 1 family and 1 person has control or access to all computers...but in a landlord tenant situation, where the landlord has tenants connecting and does not know, and may not be able to legally confirm if they have a firewall, the hardware solution appears to me to be the better one.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-06T18:21:14Z tag:ask-leo.com,2008://3.3371-comment:31825 Comment from John on 2008-05-06 John I really disagree with you on this one Leo. Buying an additional router for each connected computer is an extremely expensive solution when good firewall software will suffice and do exactly the same thing. Routers provide an incoming firewall by the intrinsic nature of using NAT (as you've pointed out in other articles), but you don't need to buy a router if all you need is a firewall--that can be accomplished with good firewall software, and some decent firewall programs are available even for free. Of course it could be argued that a hardware-based firewall could be considered more bullet-proof than software-based firewalls since they are virtually impervious to malware, but if you have good firewall software that hasn't been compromised by malware that all ready exists your computer, then a software-based fireall is JUST AS GOOD as being behind a router for all practical purposes.

How can you make your readers believe they need a router for every single computer on their LAN, in addition to their router that connects them to the internet? That is an extremely expensive solution that is unnecessary. Would you mind explaining why you think spending all that money on additional routers is justified over using good firewall software? I think protecting yourself with decent firewall software is adequate for 99.9% of the average computer users out there. I think you are way out-of-line on your advice this time, Leo.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-06T13:23:09Z tag:ask-leo.com,2008://3.3371-comment:31824 Comment from Mary on 2008-05-06 Mary http://unspecified Thanks for providing the diagrams. Makes it so much easier to understand the concepts behind NATting, double NATting, etc.

]]>

A comment on: How do I protect users on my network from each other?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

 2008-05-06T11:53:10Z