Subj : Network setup
To : Ben Carpenter
From : mark lewis
Date : Mon Nov 04 2002 08:47 am

 BC> Could some one give me some pointers and setting up
 BC> or rearranging a network.

sure... just gotta make sure that we're all using the same terminology to mean the same things...

 BC> I have several computers on a network and a router
 BC> connected to a DSL connection. Every thing is working
 BC> fine, but I want to divide the computers in to 3
 BC> different work groups that all can connect to the DSL
 BC> internet connection but can not see or communicate
 BC> with computers in an other work group.

easy enough... but first, let's get that terminology thing straight... you use "workgroup" in the above... that's generally a NETBIOS thing... one might not be able to see systems in other workgroups in "network neighborhood" but they can (depending) in "entire network" in "network neighborhood"...

 BC> Does this require special hardware or is it a software
 BC> function or both? Please give some details if you can.

it's both really... NETBIOS is a network protocol all its own... it is not routable unless encapsulated in a routable protocol like TCP/IP or IPX/SPX... if your default config, like many (most?), is for NETBIOS to be encapsulated in TCP/IP, then you'll need to be able to assign specific addresses to ports on the router or you'll need additional routers... you'll have to alter the IP addressing you are using on the TCP/IP side of your network as well as change the workgroups names on the NETBIOS side... even then, it may be possible for the NETBIOS sides to see thru the router(s) to the others...

in actuality, you'll be separating your existing stuff into four separate networks... each will have to have one device that has an address in two networks... let's see if i can do this in ascii and have it make sense...

                 inet ip (whatever your ISP assigns)
                                 ||
                            192.168.10.1
                                  |
                                  |
                                 /|\
192.168.20.1 === 192.168.10.241-/ | \
                                  |  |
192.168.30.1 === 192.168.10.242---+  |
                                     |
192.168.40.1 === 192.168.10.243------+

(double lines = and || indicate one machine)
(single lines - / \ and | indicate one wire)

ok, the topmost would be your DSL/router to the internet... on the outside, it gets whatever IP your ISP has assigned to you... on the inside, you'll assign it to 192.168.10.1... its default route will be to the IP assigned by your ISP...

on the "first" network, your machines will all reside in the 192.168.20.* range... they will all be set to default route traffic to 192.168.20.1 which is one card/port in a router that contains another card/port that is assigned 192.168.10.241... this machine is configured to route from 192.168.20.1 to 192.168.10.241... this is how the hop from *.*.20.* is made to the outside...

on the "second" network, your machines will all reside in the 192.168.30.* range... they will all be set to default route traffic to 192.168.30.1 which is one card/port in a router that contains another card/port that is assigned 192.168.10.242... this machine is configured to route from 192.168.30.1 to 192.168.10.242... this is how the hop from *.*.30.* is made to the outside...

on the "third" network, your machines will all reside in the 192.168.40.* range... they will all be set to default route traffic to 192.168.40.1 which is one card/port in a router that contains another card/port that is assigned 192.168.10.243... this machine is configured to route from 192.168.40.1 to 192.168.10.243... this is how the hop from *.*.40.* is made to the outside...

each of 192.168.10.24? is configured to default route traffic to 192.168.10.1 for the jump across to the IP assigned by your ISP...

notice that i use the term "default route" because you could also set the routers to specifically route to each network so that you could get access to those machines... this would be a normal setup...

in the case of the NETBIOS over TCP/IP routing, it, too, would also follow the same routing... this is also where the LMHOSTS files can come into play in addition to the NETBIOS broadcasting that is done... again, it is possible that the machines in one network may be able to sniff out machines in another... this is _because_ they are running NETBIOS over TCP/IP and the TCP/IP routing allows the TCP/IP networks to talk to each other... if you are not running NETBIOS over TCP/IP, then each NETBIOS network would not be able to see past the router that it is connected to... it would only be able to see the machines on the same hub/switch...

that's one way... the way that i would probably do this would be to use a linux box as a/the main router... this box would have (at least) four network cards in it... each of those cards would be the .1 address in each of the networks described above... the cable from each of those cards would go to a dedicated hub/switch for that individual network that the other machines are plugged into... this would allow me to

 1. set up a firewall to protect all the networks
 2. set up specific routing rules for internetwork communications
 3. with the firewall, block or allow certain machines NETBIOS access to others in another network

hopefully this is clear enough to help and not too confusing to prevent you from understanding... i'm sure that others, if there are any still connected to this area, will jump in and correct me on any points i may have incorrect or not explained properly or clearly... i believe that your message is the first i've seen in this area since it was turned on by one of my downlinks...

)\/(ark

 * Origin: (1:3634/12)
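
Added example, not part of the message above: a sketch of the forwarding policy for the four-card linux router it describes, with inter-network traffic dropped by default and one NETBIOS-over-TCP/IP exception. The choice of iptables, the interface names eth0-eth3 and the exception host pair are assumptions made for illustration; the addresses follow the message's plan.

```shell
#!/bin/sh
# Prints iptables commands for review; pipe the output to `sh` as root to apply.
# Assumptions (not from the message): iptables as the firewall, the interface
# names, and the sample host pair in NETBIOS_ALLOW.
UPLINK_IF=eth0   # card on the 192.168.10.* side, toward the DSL router
LANS="eth1:192.168.20.0/24 eth2:192.168.30.0/24 eth3:192.168.40.0/24"
# "src,dst" pairs allowed NETBIOS over TCP/IP across networks (constructed)
NETBIOS_ALLOW="192.168.20.10,192.168.30.5"

gen_rules() {
    # Default-deny first, so nothing is forwarded while rules are loading.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Anti-spoofing: each card only accepts sources from its own network.
    for lan in $LANS; do
        echo "iptables -A FORWARD -i ${lan%%:*} ! -s ${lan##*:} -j DROP"
    done
    # Return traffic for flows that an ACCEPT rule below already let through.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Point 3 of the message: named machines may reach NETBIOS in another
    # network (137/udp name, 138/udp datagram, 139/tcp session).
    for pair in $NETBIOS_ALLOW; do
        src=${pair%%,*}; dst=${pair##*,}
        echo "iptables -A FORWARD -s $src -d $dst -p udp -m multiport --dports 137,138 -j ACCEPT"
        echo "iptables -A FORWARD -s $src -d $dst -p tcp --dport 139 -j ACCEPT"
    done
    # Each workgroup network may go out the uplink only; traffic between
    # eth1, eth2 and eth3 matches nothing here and falls to the DROP policy.
    for lan in $LANS; do
        echo "iptables -A FORWARD -i ${lan%%:*} -o $UPLINK_IF -j ACCEPT"
    done
}

gen_rules
```

Forwarding must also be enabled on the box (net.ipv4.ip_forward=1), and the DSL router needs return routes to the three networks through it.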