PC network setup

Status
Not open for further replies.

Marvel

I have 2 PC's each connected to the internet via LAN->HUB->DSL. The operating system is XP-Pro on both computers. My question relates to names of the computers. At some point I will want to share printers and files between computers. Their names for purpose of this discussion are: PC1(in WORKGROUP) and PC2(in WORKGROUP). I used the form given by Belarc to show computer names and workgroup name. My question is when setting up for sharing I understand the workgroup name has to be the same, mine are the default WORKGROUP. Does the pc name also have to be the same??? Thanks for your help.
 
Nope, in fact you have to have different PC names otherwise there will be a naming conflict in your workgroup.

The way you have it set up right now should work perfectly!
 
Thanks bla!!....I plan on getting a router and set each of the pc ip address in the firewall trusted zone. Am I correct in saying the router NAT feature will protect sharing disk and printer between the PC's?? My thinking is the translated address is not routable over the net and the outside world will not have the NAT. In this way I will only use tcp/ip to effect sharing between computers. Would I be correct on this point??
I believe static ip address would have to be used from the router to the PC. Appreciate comments and input, thanks.
 
You should be fine. With network address translation all your internal LAN IP's should appear as the IP of the internet connection. You will want to pay careful attention to how you set up your firewall, as it is the firewall that will control access to your internal network. However unless you explicitly enable port forwarding on the router all your internal IP's should be invisible to the net. Unless you need access to your machines when you are away from your LAN I suggest you disable all incoming connection requests on your firewall, if all requests are denied they can't exploit security weaknesses in the software you have running on the other side.

You would still be vulnerable to DoS attacks etc. but I don't think you will have many problems with those, tends to be larger organisations that see this sort of activity.

As for the protocols you are using on your internal network..

TCP/IP will be sufficient for anything you want to do. If your router also acts as a switch for the internal LAN the firewall will have nothing to do with that internal traffic, unless you specify that that is the behaviour that you want.

If you only have two computers in your network then Static IP's will be fine. If you set all the IP's yourself it will probably be easier to assess what's going on if something does go wrong.
 
nak-1 thank you for the great reply. This area is important and I want to be sure I understand a couple of points you made.
"You should be fine. With network address translation all your internal LAN IP's should appear as the IP of the internet connection"
Internal LAN IP's are the only IP addressing I plan to use. They result from NAT. Example PC-1 may be 192.168.1.1 and PC-2 may be 192.168.1.2, they would be assigned static for tracking problems. Sorry to repeat your words, I want to get this right the first time.
"Unless you need access to your machines when you are away from your LAN I suggest you disable all incoming connection requests on your firewall, if all requests are denied they can't exploit security weaknesses in the software you have running on the other side"
My firewall is ZAP, I have it setup pretty tight as is. I will have to research incoming connection requests as I know zero about tcp/ip protocol issues.
I plan to get a Linksys router with hardware firewall and keep ZAP also. The router would be used on the PC LAN side to switch traffic between PC-1 and PC-2.
 
Outgoing and incoming connection requests:

Outgoing:
Say you are surfing the web. You click on a hyperlink. The browser sends a connection request to the DNS server/s you have specified. The request leaves your computer and exits the LAN via the default gateway. If you are using NAT, the router/server replaces the IP address in the TCP/IP packets with that of its external connection to the internet and keeps a track of where the packets came from. It then sends the request on to the nameserver, which responds and sends some packets back to confirm the connection. The router/server takes the packets and replaces the IP address with the one of the originating machine, which then picks up these packets. Hence the connection is established. However, the name server sees the request as having come from your router/server and has no knowledge of the IP address of the PC that made the original request. In this way your LAN IP's remain private to the LAN. This has several advantages, firstly it means you can add a network to the internet and only use 1 IP, secondly no-one on the internet can directly address any of the machines on your LAN.

Incoming:
Say someone wants to FTP to a machine on your LAN, for valid or malicious reasons. They will send packets to the external IP, that of your router, requesting a connection on port 21 usually. If the firewall denies the request for a connection they cannot connect to your LAN. If you're using a hardware router it's likely there will be nothing to FTP to. In this case if you had a machine you wanted to access you would have to enable 'port forwarding'. This basically means you tell the router to forward all requests on the FTP port to a particular machine which is running an FTP server. If you are running NAT through a server you could just put the FTP server on this machine. Neither of these methods is the most secure, but I don't see you needing a demilitarised zone for a home network!

If you keep a firewall on your PC's as well as the firewall on your router watch out for unexpected behaviour. If you deny all incoming requests on your PC's within the network you may not be able to share files etc. however this depends on what server technologies you are using.

I don't personally firewall anything inside my LAN except for the windows machine. However this does mean that if someone breaks in they have unfettered access to all of my machines.

The subject of security is very big and ridiculously complex. However, the easiest way to break into a LAN is to get in via some indirect method, i.e. a virus in an e-mail. As you bring it into the system the cracker does not have to break through your firewall and exploit whatever insecure software you happen to be running. In terms of effort for the cracker this makes much more sense.

Conclusion, make your network reasonably secure and buy some good anti-virus software, or do the above and just don't run windows...

Most exploited machines are used to connect to another exploited machine and then another and so on. Crackers do this because most people don't keep detailed logs of their network traffic. In this way the cracker can be reasonably sure that when they do launch an attack from a given machine at the end of a long chain it will be impossible to trace the origin of the attack. The trace will end at a, probably blissfully unaware, user's machine that keeps no logs of the network activity.

If you're really paranoid employ an Intrusion Detection System that will warn of suspicious activity on your network so that you can then take appropriate action.

Hope this helps!
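
The outgoing and incoming cases described in the post above, modelled as a small NAT table (an added example, not part of the original thread). The class and function names are hypothetical, the WAN and internet addresses are constructed from documentation ranges, and the model assumes the router only accepts replies from the exact remote endpoint a LAN host contacted.

```python
# Minimal model of a home NAT router (added illustration; all addresses are constructed).
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000                          # next free external port
    table: dict = field(default_factory=dict)       # ext_port -> (lan_ip, lan_port, remote)
    forwards: dict = field(default_factory=dict)    # ext_port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host opens a connection: rewrite the source and remember the mapping."""
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (lan_ip, lan_port, (dst_ip, dst_port))
        return (self.wan_ip, ext_port, dst_ip, dst_port)   # what the internet side sees

    def inbound(self, src_ip, src_port, ext_port):
        """Packet arrives on the WAN side: return the LAN destination, or None if dropped."""
        entry = self.table.get(ext_port)
        if entry and entry[2] == (src_ip, src_port):    # reply to a tracked connection
            return entry[:2]
        if ext_port in self.forwards:                   # explicit port forwarding rule
            return self.forwards[ext_port]
        return None                                     # unsolicited: no mapping, dropped

def demo():
    r = NatRouter(wan_ip="203.0.113.10")
    # Outgoing: PC-2 (192.168.1.2, as in the thread) contacts a name server.
    seen = r.outbound("192.168.1.2", 51000, "198.51.100.53", 53)
    reply = r.inbound("198.51.100.53", 53, seen[1])     # answer is translated back to PC-2
    # Incoming: an outside host requests FTP (port 21) on the router's external IP.
    probe = r.inbound("198.51.100.99", 4444, 21)        # no mapping, no forward rule
    r.forwards[21] = ("192.168.1.1", 21)                # port forwarding to PC-1 enabled
    forwarded = r.inbound("198.51.100.99", 4444, 21)    # now reaches the LAN machine
    return seen, reply, probe, forwarded

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result is the point of the post: without a forwarding rule the request has no LAN destination, and adding the rule is exactly what exposes the chosen machine.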
 
nak-1, it sure does help and your comment about having a hardware and software firewall online is interesting. I have virus protection, trojan protection and of course ad-aware help. I got hit twice last week with the w32/netsky.b.eml!exe virus from email. McAfee stopped it at the door. As a comment I don't go to many sites...so don't know how they picked on me. LOL.
I looked at softwall(think the name is right) and one other Linux based router/firewall solution a few months ago. In my mind it is the better solution but I just don't want to go through a tough learning period to get things right. Once again thanks for your generous response.
 