Overclock.net banner

1 - 12 of 12 Posts

·
Registered
Joined
·
334 Posts
Discussion Starter #1
Hey guys,

Below photo is what i have currenlty and it is great

Rotated

Now this below photo is what i want to achieve.

Rotated

Purpose:

- Not simply putting "PC2" on "router 1" since i want the file server to be Not connected to internet router.
- ability to Enable/Disable connections from main machine ie. i will enable what ever adapter one at a time
a- enable adapter router 1 if want to go to internet, disable adapter router 2
b- enable adapter router 2 if i wnat to access file server, disable adapter router 1

I have the file server built already, have a second router full of dust,
biggrin.gif
, need to buy a new network card ... so is it doable?

If that is not the correct approach ... then appreciate to be guided
smile.gif
.

peace
 

·
I might have tacos tonite
Joined
·
22,339 Posts
That's easily do-able.

Just get a second network card, and set it up on a different subnet then your "router 1" (set the IP address on router 2 to be 192.168.10.1, then set your second network card to be something like 192.168.10.10).

You would be able to access both the internet and the file server without disabling cards, but you can disable them when wanted.
 

·
Registered
Joined
·
334 Posts
Discussion Starter #3
Quote:
Originally Posted by Crazy9000 View Post

That's easily do-able.

Just get a second network card, and set it up on a different subnet then your "router 1" (set the IP address on router 2 to be 192.168.10.1, then set your second network card to be something like 192.168.10.10).

You would be able to access both the internet and the file server without disabling cards, but you can disable them when wanted.
Well thanks, and i never thought it would be easy, frankly i dunno anything about networking ..... and thought it would need hell of configurations

Was asking, since i do not want to buy the new NIC for a failure approach.

So to make things more clear:
"set the IP address on router 2 to be 192.168.10.1" by this you mean the default IP router, i.e: this one below



If YES, then i fully understood what you mean
lachen.gif
....... and hope your answer is YES

peace
 

·
I might have tacos tonite
Joined
·
22,339 Posts
Quote:
Originally Posted by BrjSan View Post

Well thanks, and i never thought it would be easy, frankly i dunno anything about networking ..... and thought it would need hell of configurations

Was asking, since i do not want to buy the new NIC for a failure approach.

So to make things more clear:
"set the IP address on router 2 to be 192.168.10.1" by this you mean the default IP router, i.e: this one below



If YES, then i fully understood what you mean
lachen.gif
....... and hope your answer is YES

peace
Yep just change the 0 to a 10 (or other number of your choice).

Now that I think of it, I was probably making it too complicated... you should be able to just change the 0 to a 10 in that setup screen, and the router will assign a proper IP to both the second NIC and the file server via DHCP, so you don't have to anything else.
 

·
Registered
Joined
·
56 Posts
By far the easiest thing to do is to plug in the file server to router 1. Create firewall rules that block all outbound and inbound traffic to the file server's IP address.

You can add more computers to the network in the future that can access the file server without screwing around with bridging, disabling, subnets, blah blah blah.

Sent from my SAMSUNG-SM-N920A using Tapatalk
 

·
Registered
Joined
·
334 Posts
Discussion Starter #6
Quote:
Originally Posted by beavo451 View Post

By far the easiest thing to do is to plug in the file server to router 1. Create firewall rules that block all outbound and inbound traffic to the file server's IP address.

You can add more computers to the network in the future that can access the file server without screwing around with bridging, disabling, subnets, blah blah blah.

Sent from my SAMSUNG-SM-N920A using Tapatalk
You can add more computers to the network in the future that can access the file server without screwing around with bridging, disabling, subnets, blah blah blah.

Sent from my SAMSUNG-SM-N920A using Tapatalk[/quote]

Interesting . . . But:

A. I never assign any IPs to any machine connected to router 1, i just plug it physically and it is automatic,router automatically assign IP each time, so i do not know what will be the IP lets say of PC2 until i boot the machine and go to cmd

B. Is it possible to make router to both automatically and manually assign IPs to different machines at the same time?

C. In case all is true and i create a rule from PC1 firewall to block all inbound and outbound on the IP of PC2 (both PC1 and PC2 connected to same router), inst that will block me also, i.e: if i am using PC1 then i cannot access PC2, right ??? because of the rule, right?

Peace
 

·
Registered
Joined
·
56 Posts
Quote:
Originally Posted by BrjSan View Post

Quote:
Originally Posted by beavo451 View Post

By far the easiest thing to do is to plug in the file server to router 1. Create firewall rules that block all outbound and inbound traffic to the file server's IP address.

You can add more computers to the network in the future that can access the file server without screwing around with bridging, disabling, subnets, blah blah blah.

Sent from my SAMSUNG-SM-N920A using Tapatalk
You can add more computers to the network in the future that can access the file server without screwing around with bridging, disabling, subnets, blah blah blah.

Sent from my SAMSUNG-SM-N920A using Tapatalk
Interesting . . . But:

A. I never assign any IPs to any machine connected to router 1, i just plug it physically and it is automatic,router automatically assign IP each time, so i do not know what will be the IP lets say of PC2 until i boot the machine and go to cmd

B. Is it possible to make router to both automatically and manually assign IPs to different machines at the same time?

C. In case all is true and i create a rule from PC1 firewall to block all inbound and outbound on the IP of PC2 (both PC1 and PC2 connected to same router), inst that will block me also, i.e: if i am using PC1 then i cannot access PC2, right ??? because of the rule, right?

Peace[/quote]

A. You can manually assign a static IP on PC2 itself or you can set the DHCP server to assign a specific address to PC2. Auto assignments to specific IP addresses are assigned to MAC addresses, not host namrs. If you manually type one in on PC2, make sure it is in the same subnet, but outside the DHCP pool.

B. Yes, see A.

C. You create firewall rules on the firewall between your LAN and the Internet. It will block all inbound and outbound traffic headed for PC2's IP. This does not affect traffic within your LAN.

The other advantage of this is that should you decide you need remote access (from outside of your network), you can easily setup a VPN. Then you can have remote access to PC2 while blocking it's direct access to the Internet.

Of course blocking PC2 Internet access is a little bit much on the tinfoil. Yes it can call out to the Internet if you don't block it, but if it's a file server, it won't be doing much of that. Just mainly looking for OS updates. By default, all firewalls should already block inbound connections that are not initiated from within the LAN.
 

·
Registered
Joined
·
334 Posts
Discussion Starter #8
Quote:
Originally Posted by beavo451 View Post

A. You can manually assign a static IP on PC2 itself or you can set the DHCP server to assign a specific address to PC2. Auto assignments to specific IP addresses are assigned to MAC addresses, not host namrs. If you manually type one in on PC2, make sure it is in the same subnet, but outside the DHCP pool.

B. Yes, see A.

C. You create firewall rules on the firewall between your LAN and the Internet. It will block all inbound and outbound traffic headed for PC2's IP. This does not affect traffic within your LAN.

The other advantage of this is that should you decide you need remote access (from outside of your network), you can easily setup a VPN. Then you can have remote access to PC2 while blocking it's direct access to the Internet.

Of course blocking PC2 Internet access is a little bit much on the tinfoil. Yes it can call out to the Internet if you don't block it, but if it's a file server, it won't be doing much of that. Just mainly looking for OS updates. By default, all firewalls should already block inbound connections that are not initiated from within the LAN.
Thanks beavo451

Well, the aim of the setup is to minimize/restrict un-wanted access to the file server and providing it on network since it will be buried far in some room and make it accessible by PC1. So,

Thinking out loud:
if PC2 is connected to Router1, which is connected to the internet, then putting firewall rule to block traffic between Internet and PC2 will block the internet traffic (software/application level right) but not the LAN traffic.... great, so.... by that, any body (like a user in the house or my neighbor
lachen.gif
who can/is connected to Router1 through wireless, can potentially access the file server....... (yes some might say that i can put user access rules/restrictions/policy in order to prevent that at the same time, but i am not an expert in setting such things) .

So is it right or i am just thinking jiberish
doh.gif
 

·
Registered
Joined
·
56 Posts
Quote:
Originally Posted by BrjSan View Post

Quote:
Originally Posted by beavo451 View Post

A. You can manually assign a static IP on PC2 itself or you can set the DHCP server to assign a specific address to PC2. Auto assignments to specific IP addresses are assigned to MAC addresses, not host namrs. If you manually type one in on PC2, make sure it is in the same subnet, but outside the DHCP pool.

B. Yes, see A.

C. You create firewall rules on the firewall between your LAN and the Internet. It will block all inbound and outbound traffic headed for PC2's IP. This does not affect traffic within your LAN.

The other advantage of this is that should you decide you need remote access (from outside of your network), you can easily setup a VPN. Then you can have remote access to PC2 while blocking it's direct access to the Internet.

Of course blocking PC2 Internet access is a little bit much on the tinfoil. Yes it can call out to the Internet if you don't block it, but if it's a file server, it won't be doing much of that. Just mainly looking for OS updates. By default, all firewalls should already block inbound connections that are not initiated from within the LAN.
Thanks beavo451

Well, the aim of the setup is to minimize/restrict un-wanted access to the file server and providing it on network since it will be buried far in some room and make it accessible by PC1. So,

Thinking out loud:
if PC2 is connected to Router1, which is connected to the internet, then putting firewall rule to block traffic between Internet and PC2 will block the internet traffic (software/application level right) but not the LAN traffic.... great, so.... by that, any body (like a user in the house or my neighbor
lachen.gif
who can/is connected to Router1 through wireless, can potentially access the file server....... (yes some might say that i can put user access rules/restrictions/policy in order to prevent that at the same time, but i am not an expert in setting such things) .

So is it right or i am just thinking jiberish
doh.gif
Yes anybody on the LAN and subnet could potentially access the file server.

Which brings up a couple questions:

Why are you letting random people on your network?

If you are wanting only one PC to access the file server, why a file server? You are defeating the whole point of a server.

Why are you so worried about the security of this file server? It is no more vulnerable than any other device connected to the internet.

If you really are that worried about unauthorized access, then you should learn about permissions that you self admittedly don't know alot about.

If you can't take the tinfoil off, no hacker in the world can connect to it if you physically unplug the Ethernet cable. Which is aboutccesslot whole lot easier than messing with disabling network interfaces.
 

·
Registered
Joined
·
334 Posts
Discussion Starter #10
Quote:
Originally Posted by beavo451 View Post

Yes anybody on the LAN and subnet could potentially access the file server.

Which brings up a couple questions:

Why are you letting random people on your network?

If you are wanting only one PC to access the file server, why a file server? You are defeating the whole point of a server.

Why are you so worried about the security of this file server? It is no more vulnerable than any other device connected to the internet.

If you really are that worried about unauthorized access, then you should learn about permissions that you self admittedly don't know alot about.

If you can't take the tinfoil off, no hacker in the world can connect to it if you physically unplug the Ethernet cable. Which is aboutccesslot whole lot easier than messing with disabling network interfaces.
Alright
smile.gif


- I am not letting people to access the wireless, now days you can find lots and lots of password cracking apps over the net.

- currently one PC , lately will add more machines, where they can get/put their data by connecting on separate LAN.

- Since i do not know about permissions and already built anther machine, that is why i was asking in the first place if it is DOABLE to use two different network cards connected to two different networks on the same machine, since my concern is PC1 which is my main machine, others can use the separate LAN freely.

Thanks for the feedback.
 

·
Registered
Joined
·
56 Posts
Quote:
Originally Posted by BrjSan View Post

Quote:
Originally Posted by beavo451 View Post

Yes anybody on the LAN and subnet could potentially access the file server.

Which brings up a couple questions:

Why are you letting random people on your network?

If you are wanting only one PC to access the file server, why a file server? You are defeating the whole point of a server.

Why are you so worried about the security of this file server? It is no more vulnerable than any other device connected to the internet.

If you really are that worried about unauthorized access, then you should learn about permissions that you self admittedly don't know alot about.

If you can't take the tinfoil off, no hacker in the world can connect to it if you physically unplug the Ethernet cable. Which is aboutccesslot whole lot easier than messing with disabling network interfaces.
Alright
smile.gif


- I am not letting people to access the wireless, now days you can find lots and lots of password cracking apps over the net.

- currently one PC , lately will add more machines, where they can get/put their data by connecting on separate LAN.

- Since i do not know about permissions and already built anther machine, that is why i was asking in the first place if it is DOABLE to use two different network cards connected to two different networks on the same machine, since my concern is PC1 which is my main machine, others can use the separate LAN freely.

Thanks for the feedback.
Ok. Yes, your original idea is doable. Convoluted, but it will work.

The thing about convoluted configurations is that they usually work for the original intention. Future expansions, upgrades, or failures usually break the convoluted configuration and makes trouble shooting much more difficult.

Good WiFi passwords are difficult to crack. That and the probability that a person with nefarious intentions is going to come within range of your WiFi and specifically attack you is next to zero.

Having all your future devices with 2 NICs just to access the Internet and to access a file server on a separate LAN is weird and convoluted. It is also not anymore "secure" than just having everything on one LAN.

Sent from my SAMSUNG-SM-N920A using Tapatalk
 
1 - 12 of 12 Posts
Top