Announcement

**Helevitia** · 17 April 2003, 15:37

Originally posted by Taz
Do you mean having two different networks on the LAN side, if that's the case then no your right it wont do it. I was thinking more of using inbetween the two LAN's.

You are correct, I meant two different networks. Furthermore, the dynamic routing feature in the Linksys is just to advertise and receive updates through the RIP routing protocol which would not help in this case. BTW, I also use this Linksys at home as well.

Dave

**Taz** · 17 April 2003, 15:42

Originally posted by Helevitia
Furthermore, the dynamic routing feature in the Linksys is just to advertise and receive updates through the RIP routing protocol...

Yep I realise that, it was more the option for Gateway or Router that I was referring to which is in the same section. In any case I misunderstood what you were getting at when I posted that so it's kinda irrelevant

**arbymo** · 17 April 2003, 20:38

i dont think u need extra hw or sw to do that ..

if those 5 pc's r in on domain "X" or workgroup "Y" .. use a different domain or workgroup name for the 6th pc "Z".

in this case, all 5 pc's can have IP's in the same subnet, can ping each others but can't see or be seen by the 6th pc.

and y u think u'd need a switch?

another solution if u have routing sw or hardware, u can assign the 6th pc an ip adress that's on a different subnet than the other 5.

example: if the 5 pc's use the 172.16.30.x subnet .. use 172.16.50.x for the 6th pc.

here all pc's can be in the same workgroup or domain but they can't ping each others and they won't be able to see each others.

**Taz** · 18 April 2003, 03:22

Originally posted by arbymo
if those 5 pc's r in on domain "X" or workgroup "Y" .. use a different domain or workgroup name for the 6th pc "Z".

in this case, all 5 pc's can have IP's in the same subnet, can ping each others but can't see or be seen by the 6th pc.

Er, wrong

**Sasq** · 18 April 2003, 04:11

The requirement is also that the 6th pc cannot be modified to access the other 5.

**RedRed** · 18 April 2003, 05:29

It might JUST be cheaper to say furkett and get a second ADSL....

do you need it as a perminent solution or a temporary one?

**Fat Tone** · 18 April 2003, 06:14

LOL - actually the reason is that they want to get rid of a 2nd ADSL line! This will be permanent.

Thanks for the help so far...

T.

**Helevitia** · 18 April 2003, 09:40

I'm not sure how much money you want to spend but the easiest hardware solution would be:

1. Cheap router that can support 3 subnets(networks), DHCP, Access Lists, and NAT1.
2. hang a switch or hub off of each physical subnet so you cna have 1 or mroe PC's off of each subnet.
3. The third subnet is for the WAN(ISP) link.
4. Route between the subnets
5. Setup access-lists so that PC6 cannot see subnet X but can still go out to the internet.

I was looking at our product line here at Cisco and there is something called a Cisco 1700 that will do exactly what you want. Buy the rotuer off of ebay though, much cheaper. Plus, you need to purchase the software. It cna get expensive though even for the bottom line product. Probably close to ~$1000. Better yet, find a competing product that does similar features. But to be honest, I don't know who sells cheap routers???

Dave

**Helevitia** · 18 April 2003, 09:44

Or....you can just buy a PC, throw win2k on it, put two nics in it and you might be able to accomplish the smae thign for a lot cheaper. I'm not sure how the access-lists work on win2k.

Topology: Think of the dashes as invisible, it is only a place holder to make the topology look correct.

--------------Internet
------------------|
--------------ADSL Modem
------------------|
--------------WIN2K w/ 2 nics
----------------/-----\
---------------/-------\
--------------/---------\
------------PC6-----Other PCs

Dave

edit: stupid forums will not allow you to lead with spaces, so I am leading with dashes instead...

edit2: gotta add some more

**Taz** · 18 April 2003, 09:57

My idea was to use two routers as follows :-

.................................................. .........|- PC1
.................................................. .........|- PC2
Internet --- ADSL router --- hub/switch ---|- PC3
.................................................. .........|- ...
.................................................. .........|- router2 -------- PC6

**Helevitia** · 18 April 2003, 10:00

Originally posted by Taz
My idea was to use two routers as follows :-

.................................................. .........|- PC1
.................................................. .........|- PC2
Internet --- ADSL router --- hub/switch ---|- PC3
.................................................. .........|- ...
.................................................. .........|- router2 -------- PC6

Clarify "router2". It appears from this topology that it is a linksys style router. Problem is, how do you prevent PC6 from not seeing PC1-3? You will need some sort of access-list feature. Even if you have this feature on router2, it will only prevent PC1-3 from seeing PC6 not the other way around.

Dave

**The PIT** · 18 April 2003, 10:15

I think you can do this in software. I'm pretty sure Nortons personnel firewall does this by placing mac address's in a restricted zone which would prevent access from those machines.

**Taz** · 18 April 2003, 10:45

Originally posted by Helevitia
Problem is, how do you prevent PC6 from not seeing PC1-3? You will need some sort of access-list feature. Even if you have this feature on router2, it will only prevent PC1-3 from seeing PC6 not the other way around.

The D-Link DI-804V allows you to set filters on both the LAN and WAN sides so it should be possible to block packets going in either direction.

**Fat Tone** · 18 April 2003, 12:03

Originally posted by Taz
It's just an ADSL router, I can't see how you can use that to prevent one PC seeing the others

The Drayteks are also a bit weird when it comes to configuring them to.

I'm following these discussions with great interest and researching myself.
It certainly seems that going for a PC with 3 nics and appropriate s/w (e.g. Smoothwall) would do the trick, but seems a little overkill.
I did a Google for 'Router +"Access List" -Cisco' and got very little apart from training courses etc.
Taking a closer look at the manuals for the Draytek (available at the link I gave), there is a .pdf in the .zip called IPFILTER.PDF. It looks to me like a bunch of filters could do it.

Any opinions on that please?

TIA

T.

**Taz** · 18 April 2003, 12:22

The problem is the filters will only work on trafic passing through the router i.e. from the LAN side to the WAN side, the PC's are in effect just connected to the switch part of it so trafic between them will be un-filtered.

Announcement

Need to share ADSL with extra PC that can't see existing network.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment