Okay here's a tricky one (networking 2 comps)

[L_S]

Soon I will have another comp and I want to connect both of my comps so I cant share files and a printer and also have them simultaneouly connected to the internet via my cable line. Well they say you shouldnt enable file and printer sharing if you are on cable because of the obvious security hazards.

Now I dont know a damn thing about networking, but somebody suggested this to me: "u can allow file and print sharing but only have it bound to IPX/SPX, and make that ur LAN protocol
leaving TCP/IP solely for internet use....without any other bindings (see bindings tab)
so long as two things:
make sure IPX/SPX is NOT bound to the cable modem
make sure file and print sharing is NOT bound to TCP/IP
that should do it
but this is what MS tells me....in real life it may not b safe"

So would his solution work? and would it be safe?

------------------
If you have any problems with what I just said then I welcome you to click here.

 

[RW]

I don't have a clue but I did install a wireless network from "diamond" called "home free" so maybe you should take a look at this. I bought the system at CompUSA for $150 and now I see it goes for a mere $100 on line. The system operates at around 2450Mhz and consists of two cards one PCI and one ISA. It works quite good for the price and the install and instructions are very easy to deal with. There is also a version that uses your in house telephone lines to do the same thing. /~unreal/ubb/html/smile.gif

 

[Prophetus]

Oh, geez man...I would like to help, but when it comes to Lan and network crap, I get lost. But, I recently read several articles in PC World and PC Computing Mags about that same subject. Go to their web site and search for network and Lan solutions. They, will give in depth solutions. They will also email you. Try it out. Sorry I couldn't help you more.

 

[Lizard Of Oz]

I don't know jack about networking. First get two computers, then get some wire... See, no help. /~unreal/ubb/html/smile.gif

"There is no point in tip-toeing through life to get safely to death."
"Whom ever sacrifices freedom for security get's nor deserves either."

-Lizard Of Oz -aka- {PuF}Lizard- nguid = 108675

 

[Voyd-]

L_S my man, i know the answer. i have 2 comps sharing files and my cable line. icq me about it its too long to explain here /~unreal/ubb/html/smile.gif

 

[Pornosaur]

I have the same setup you do. I think the problem lies in the binding of the protocol. You don't bind the protocol to the cable modem but to the network card which would have both protocols on it.
If you connect your two computers to a hub and your cable to that hub, you could set up a firewall.

 

[L_S]

Thanks all /~unreal/ubb/html/biggrin.gif Voyd get your *** on icq!

If you have any problems with what I just said then I welcome you to click here.

 

[Stryker]

The binding thing will do the trick. As long as your internet protocol is not set to allow sharing you connection is as secure as it can be with a windows system. However, if you dont use TCP/IP on the lan you might not be able to play UT on the lan. (at least thats the way it seems on two lan's that I play on)

 

[Morph]

OR, you could get ANOTHER computer, and setup the cable modem on it, and make it your proxy, and enable file sharing between the other two computers, but turn it off on the proxy.

=)

 

[SimplyCosmic]

A 486 with a 500MB Hardrive, two network cards and a fresh copy of your favorite Linux distrobution.

That's what you need.

With this setup, the Linux box with a paltry 486 and 16MB of ram can act as router, firewall, gateway, slicer and dicer in order to properly connect you and the outside world in a manner both fast and protective...

But that's just the Network Consultant in me speaking...

 

[[PuF]BadAss]

Hey Liquid, try this link. It is pretty good and recent:
http://www.firingsquad.com/guides/ics/

[PuF]BadAss
ICQ 36081255

 

[fusion]

Liquid:

Hey it is very easy to network two computers, here's how:

1. Put a network card in each system and install the drivers.

2. Buy a Crossover cable (NOT a network cable there is a big difference).

3. Connect the systems via the cable.

4. Start both machines and go to start , setting , control pannel , and doulbe click on the network icon. Doulbe click on the TCP/IP otion of the network card you installed. Select the IP Address tab and choose specify an IP Address. Assign something like 123.123.123.1 to your computer and do the same thing to the other computer but give it an address like 123.123.123.2 .. ok then click ok and go back to the network icon in the control pannel but this time choose the Identification tab... both computers have to have the work group name.

5. Go to My Computer and share your hard drives.... do this by right clicking on the drive and selecting sharing, then share as, the access should be set to full. click apply and then ok... restart the computers.

6. Make sure you log in when the computers boot up,,,, dont click cancel if you do you wont see the network. soon as you get booted up go to network ne... and see if you can see the other computer if you can then you are all set... you can start a server on one system and join on the other...


btw never use ixp it is soooo slow compared to tcp/ip.

if you have any questions leave me a post and i'll try and help more...

good luck

 

[tykeal]

ACK!!!! don't use 123.123.123.* bad idea... that's in the real IP address space for the full net. Instead select address from some of the local network address spaces... I personally just use the 10.*.*.* network (I know for a 7 machine work room at home it's overkill) because of them all it's the easiest to remember... just one of the octets instead of 2 or 3 /~unreal/ubb/html/wink.gif

As for getting everything set-up properly. I really would recommend getting an old 486 box with 500+ MB hd, 16+ MB ram and installing a Linux firewall. RedHat 6.1 is fairly easy to use and if all you enable is firewalling and no other fun utilities (ftp, telnet or ssh) then it should be fairly safe. Of course that all depends upon your firewall script /~unreal/ubb/html/biggrin.gif

 

[fusion]

tykieal:

Ummmm what do you mean bad idea?? We are not talking about ON LINE networking.. he is talking about networking two systems through network CARDS. NOT HIS MODEM. You are right in that you shouldn't use 123... for tcp/ip device settings for his MODEM.... hahaah which has NOTHING to do with a NETWORK CARD.

I'll tell ya what, I use 123.123.123.4 go ahead and hack into my system LOL. You might be able if I used that IP address on my MODEM....

I think it was futtle to tell him to by a 486 and put linux on it... He is not going to run out and buy and out of date system.... anyway I do agree with you about linux I use 6.0 and it is much better then Windows98. So at least we agree on one thing...


Liquid: don't worry about the IP address of your network card..l regardless of there ppl tell you.. it has nothing to do with your modem or internet connection.

[This message has been edited by fusion (edited 12-29-1999).]

[This message has been edited by fusion (edited 12-29-1999).]

 

[tykeal]

Fusion:

Ahh... I see I was miscontstrued a bit.

Here's my reasoning behind my outburst:
Liquid stated that he's got a cable modem and wants to share the line between his up and coming new machine and the current one. Therefore the machines are going to have to be able to find the external network... that's going to be done most likely through the NICs as I doubt you want to go and connect up the machines with serial or parallel cables /~unreal/ubb/html/wink.gif

Now, if you go and run a proxying system then having whatever IP you want on the internal side really isn't too much of an issue (except for if you were trying to access a machine outside that had one of your used IPs). But think about what is required in the setting up of the system. Unless the ISP is giving you more than one IP addy then you are going to have to use a proxy or a NAT. Which then means if you use a NAT you have to a bit more picky about the machines you can access externally. However, using one of the private networks ends up being easier. The main routers are supposed to drop packets from the private networks as they aren't supposed to be used externally. Which means that if you use an private address space interanally then if for some reason the address actually leaks out it will die very fast.

Yes, I know, I could try and hack into your machine at 123.123.123.1 or whatever and if you don't have your machine online you might as well have a C2 cert for security. But the point I'm trying to make is why play with fire when you don't have to?

Maybe I'm an exception but having had a machine fully online 24/7 for nearly 6 years now in my private residence may have made me just a bit more careful with what IPs I use.

As for the buying old tech. It was just an example of a perfectly good piece of hardware that does wonders in a situation like this. The university that I graduated from not too long ago (yeah I know.. the 6 years includes my T1 time in the dorm) up until a year ago was firewalling over 3000 machines through a 486 DX2 66 with 16 MB of ram using Linux for about 3 years. There was never a hicouph in the time other than when USWest cut the T1 line (twice while I was there) *accidentally*. Besides it's cheap now to find a 486, and you can slap in a drive of up to about a gig without _too_ many problems /~unreal/ubb/html/biggrin.gif

Liquid: I agree with Fusion the IP addy thing really isn't all that important, I just advocate using a range that was designated for private use *shrug*

 

[fusion]

Tykeal:

You make some very good points here and you seem to know a hell of a lot about networking..... I may be wrong.. I didn't realize he was using his cable modem.... hummmm good point. I thougt he was using a sep lan card...


Hey Liquid.... Listen to Tykeal he has much knowledge.!!

 

[Dred]

Tykeal:

i just got dsl and was thinking about building a linux firewall but i was going to put it on a fast system(celeron 400) i want a fast system cause if i share the dsl with all the computers on the lan and i have a slow firewall won't that intern slow me down a lil as well when playing unreal? how hard is it to setup a linux firewall.. i have installed linux compiled kernal a few things but never really got into samba and installed firewall before.. i was actually thinking of just getting checkpoint.. what do you think? one more thing if i do setup a linux firewall is it ok to make it my ftp site on the firewall machine. or should i really try to seporate them? thanks.

 

[Voyd-]

see L_S, its either what i told you.....or this mess /~unreal/ubb/html/smile.gif

 

[tykeal]

Dred:

Using DSL or a cable modem for that matter and only one IP address is going to force you into two possible ways of sharing your bandwith across a home network.

The first way is to install a Proxy system (yes Linux can do this too... I don't know how... I haven't read the HOWTO /~unreal/ubb/html/wink.gif )

The second is to do what I do at home. Use the firewall as a NAT (Network Address Translator aka IP Masquarading).

When using either method you are going to end up using a bit more processor power than if you were just running a plain old vanilla firewall. You could still get away with using a 486 if you wanted to like I suggested, but it depends upon the number of machines that are going to be behind it.

If you are going to be using a NAT then I would really recommend a Pentium class machine at least for more that 2 or 3 machines esp if you plan an playing UT or Q3 on all those machines to external sites.

Now here's the reasoning:
with both NAT and Proxying each and every packet that comes in the header has to be inspected and possibly rewritten. This is obviously going to eat more processing power than if you are using a plain vanilla firewall because the plain vanilla firewall just looks at the where the packet is coming from, going to, and what specific protocol (ICMP or other) the packet is. It then just does something to it. The NAT and Proxy have to do some of this and their header re-writes as well.

The reason I use NAT instead of proxing (though proxying can be more secure) is that to use proxying programs have to be proxy aware or you need to use a network shim (a program to sit in the background and add a basic proxy support to any network integrated program). Personally I find it difficult to find a lot of programs that are proxy aware taht I'm willing to use and shims can wreak havoc all over your system. Therefore since NAT's are invisible to the local machines it's just easier to use /~unreal/ubb/html/smile.gif

Now about the slowing down part if you are using a slow machine. The bottle-neck of all your network traffic is going to be the DSL connection no matter what. At max you can get a DSL of 8 Megabit down-pipe and 1 Megabit up-pipe, but even the slowest ethernet is 10 Megabit. Now lets say you get a fairly common DSL connection rate 256K/256K (lowest end from US West around my parts) since a T1 is 1.44 MB (Megabit) / sec your doing at just about 1/6 of a T1 for connection (not bad) but remember your ethernet is either 10 MB or 100 MB, your doing about 6.9 times more bandwidth at 10 MB than a T1!

So with that answer to your question... do you really think that having a slower processor for the NAT/Proxy/Firewall is going to slow you down? Nope, we aren't producing enough data to actually overrun your network buffers, or your processing power.

However, if you decide to run a FTP server off your firewall, and you start getting a lot of vistors then you are going to run into problems (both with bandwidth and processing). So, here's the idea. Go ahead and run a FTP site on your firewall if you want to, but remember this, if you make it possible to for anonymous uploading, then you open yourself to a crack, if you don't open it for anonymous uploading then that crack is far less likely to happen (it's still posible, but it would have to be one of your users doing it then).

So, if you didn't infer the answer to your second question, it's not a problem to use your firewall as your FTP server, in fact I use our firewall (when we've got our connection back [DIE USWEST SCUM!]) as an FTP server, Web server and e-mail server. Not bad for a P100 with 24MB of ram and a 1gig HD that we scrapped together from spare parts /~unreal/ubb/html/biggrin.gif

The samba stuff isn't too hard either and if you use the base install of the RedHat packages there really isn't much you need to configure. It will give you access to user accounts on the box buy a username password combo and you can access Windoze boxen with some commandline (or GUI) utils that work very similar to FTP or even mount in that Winbloze partitiion as part of your directory tree /~unreal/ubb/html/wink.gif

As for Checkpoint... I don't know anything about it. All the utils I use for my Firewall are right out of a RedHat distro. Ip-Chains, Apache, WuFTP, and SendMail.

If you want more info on setting up any of the above I refer you to the HOWTO's available in the docs directory of a RedHat install cd or the Linux Documentation Project at: http://metalab.unc.edu/LDP/

Voyd:
Yeah it can seem a horrible mess what I'm advocating but in the end it can be a lot more secure than having a Windoze machine directly on the Internet. Even with a NT Server and all the latest "security" fixes and patches and even a 3rd party software proxy / NAT solution, Windoze is just in general more ummm.... prone to attacks of a common nature. The use of a *nix machine as a buffer is just more prudent in my view. An OS that was designed from the ground up as a multi-user system is generally more likely to be more robust at taking care of attacks than a system where a single user is at one point or another completely dominate on the system and I'm not talking about admins in either case.

 

[HerrDoktor]

Ok, all the posts were very interesting and pretty well thought out. I have the following to add:

1) Cable modems DO NOT allow more than 1 MAC address to connect to them. So, barring a gateway / firewall, you will not easily be able to connect the two computers to hit the web. It might be possible to put two network cards in a Windows 98 SE machine and do that shared network stuff... but I doubt it.

2) DSL allows you to pay for multiple IP addresses (like $5 bucks more a month). This way you can by a $50.00 10BaseT hub and two NIC (network interface cards) and assign the IP addresses to your two computers. The problem there is that your systems aren't firewalled.

3) I use a Red Hat Linux box with two network cards. One card has the external IP address (the one the ISP gave me) and the other the internal IP address (which should always be 192.168.0.x for an internal network). I set up NAT (Network Address Traslation) to go between the two (outside world [aka WWW] and the inside world). With a cable modem, this may be the only way to go, as it makes the modem think there is only one system. The other advantage is that you can disallow all connection attempts from ANY IP address that you do not want someone connecting from. My system does not allow ANY external connections at all. Lastly, I've also found that the box is faster than a straight connection to the DSL mo, specificly when multiple people are using the firewall.

-Gerhard

PS My linux firewall/gateway is a P166MMX, w/ 64Mb of RAM and a 2Gb HD. It flies.