Subj : Re: Network setup
To   : mark lewis
From : Ben Carpenter
Date : Mon Nov 04 2002 02:38 pm

-=> Quoting mark lewis to Ben Carpenter <=-

BC> Could someone give me some pointers on setting up
BC> or rearranging a network.

ml> sure... just gotta make sure that we're all using the same terminology
ml> to mean the same things...

BC> I have several computers on a network and a router
BC> connected to a DSL connection. Everything is working
BC> fine, but I want to divide the computers into 3
BC> different work groups that all can connect to the DSL
BC> internet connection but can not see or communicate
BC> with computers in another work group.

ml> easy enough... but first, let's get that terminology thing straight...
ml> you use "workgroup" in the above... that's generally a NETBIOS
ml> thing... one might not be able to see systems in other workgroups in
ml> "network neighborhood" but they can (depending) in "entire network" in
ml> "network neighborhood"...

Ok, what I was meaning by work group is as follows. We run a small
business which would be one work group. Then would be my wife's and my
personal computers as the second work group. The third work group would
be a couple computers we want to set up for the grandkids to use when
they are here, likely little file sharing but internet connection and
games so as not to mess up our business and personal computers. We want
no access from one group to another but want all to use the internet
when needed.

We do not have all these computers now on the network and when we want
to change we have to unplug one from the router/internet and plug
another one in. The network for the business is now seldom connected to
the internet but we would like to use it more and are getting tired of
always having to unplug and plug to get what we want.

We use NETBIOS for file sharing but not over TCP/IP. The only thing we
use TCP/IP for is internet connection.

I understand your explanation of what it will take. One question is,
what would the difference be between the machine you described with 4
NICs compared to the present DSL router and 3 more routers behind that?

Another question is, can a router with a 4 port hub built in have the
output connections assigned an IP address to eliminate the three routers
for each workgroup?

The one thing I am a little fuzzy about, if I set up a machine with 4
NICs to act as a router, is how to assign different IP addresses to the
different NICs and not have them interfere with each other. I have never
worked with a computer with more than one NIC in it.

I have had at times 8 or 9 computers connected to my network at one time
but that is rare at present, but if I can separate (isolate) the
different groups I could see having most of them connected all the time.

I have a friend that used a computer for a router for a while and when
he replaced that with a router/hub raised his throughput a lot. He was
not trying to separate things like I am, but just was feeding one
network from the cable connection he has.

Your ASCII drawing came through fine but as I am writing this it looks
messed up in my editor so may not come back good.

Please explain LMHOSTS files to me.

Yes, I know that there has not been much traffic in this echo. I would
like to see more. Yes, if there are others with input please jump in.
The moderator is an easy going guy and will allow a little off topic
discussion but I hope most of it is on topic.

BC> Does this require special hardware or is it a software
BC> function or both? Please give some details if you can.

ml> it's both really... NETBIOS is a network protocol all its own... it is
ml> not routable unless encapsulated in a routable protocol like TCP/IP or
ml> IPX/SPX...

ml> if your default config, like many (most?), is for NETBIOS to be
ml> encapsulated in TCP/IP, then you'll need to be able to assign specific
ml> addresses to ports on the router or you'll need additional routers...
ml> you'll have to alter the IP addressing you are using on the TCP/IP
ml> side of your network as well as change the workgroups names on the
ml> NETBIOS side... even then, it may be possible for the NETBIOS sides to
ml> see thru the router(s) to the others...

ml> in actuality, you'll be separating your existing stuff into four
ml> separate networks... each will have to have one device that has an
ml> address in two networks... let's see if i can do this in ascii and
ml> have it make sense...

ml>                                inet ip
ml>                      (whatever your ISP assigns)
ml>                                   ||
ml>                             192.168.10.1
ml>                                   |
ml>                                   |
ml>                                  /|\
ml> 192.168.20.1 === 192.168.10.241-/ | \
ml>                                   |  |
ml> 192.168.30.1 === 192.168.10.242---+  |
ml>                                      |
ml> 192.168.40.1 === 192.168.10.243------+

ml> (double lines = and || indicate one machine)
ml> (single lines - / \ and | indicate one wire)

ml> ok, the topmost would be your DSL/router to the internet... on the
ml> outside, it gets whatever IP your ISP has assigned to you... on the
ml> inside, you'll assign it to 192.168.10.1... its default route will be
ml> to the IP assigned by your ISP...

ml> on the "first" network, your machines will all reside in the
ml> 192.168.20.* range... they will all be set to default route traffic to
ml> 192.168.20.1 which is one card/port in a router that contains another
ml> card/port that is assigned 192.168.10.241... this machine is
ml> configured to route from 192.168.20.1 to 192.168.10.241... this is how
ml> the hop from *.*.20.* is made to the outside...

ml> on the "second" network, your machines will all reside in the
ml> 192.168.30.* range... they will all be set to default route traffic to
ml> 192.168.30.1 which is one card/port in a router that contains another
ml> card/port that is assigned 192.168.10.242... this machine is
ml> configured to route from 192.168.30.1 to 192.168.10.242... this is how
ml> the hop from *.*.30.* is made to the outside...

ml> on the "third" network, your machines will all reside in the
ml> 192.168.40.* range... they will all be set to default route traffic to
ml> 192.168.40.1 which is one card/port in a router that contains another
ml> card/port that is assigned 192.168.10.243... this machine is
ml> configured to route from 192.168.40.1 to 192.168.10.243... this is how
ml> the hop from *.*.40.* is made to the outside...

ml> each of 192.168.10.24? is configured to default route traffic to
ml> 192.168.10.1 for the jump across to the IP assigned by your ISP...

ml> notice that i use the term "default route" because you could also set
ml> the routers to specifically route to each network so that you could
ml> get access to those machines... this would be a normal setup...

ml> in the case of the NETBIOS over TCP/IP routing, it, too, would also
ml> follow the same routing... this is also where the LMHOSTS files can
ml> come into play in addition to the NETBIOS broadcasting that is done...
ml> again, it is possible that the machines in one network may be able to
ml> sniff out machines in another... this is _because_ they are running
ml> NETBIOS over TCP/IP and the TCP/IP routing allows the TCP/IP networks
ml> to talk to each other...

ml> if you are not running NETBIOS over TCP/IP, then each NETBIOS network
ml> would not be able to see past the router that it is connected to... it
ml> would only be able to see the machines on the same hub/switch...

ml> that's one way...

ml> the way that i would probably do this would be to use a linux box as
ml> a/the main router... this box would have (at least) four network cards
ml> in it... each of those cards would be the .1 address in each of the
ml> networks described above... the cable from each of those cards would
ml> go to a dedicated hub/switch for that individual network that the
ml> other machines are plugged into... this would allow me to

ml>   1. set up a firewall to protect all the networks
ml>   2. set up specific routing rules for internetwork
ml>      communications
ml>   3. with the firewall, block or allow certain machines
ml>      NETBIOS access to others in another network

ml> hopefully this is clear enough to help and not too confusing to
ml> prevent you from understanding... i'm sure that others, if there are
ml> any still connected to this area, will jump in and correct me on any
ml> points i may have incorrect or not explained properly or clearly... i
ml> believe that your message is the first i've seen in this area since it
ml> was turned on by one of my downlinks...

ml> )\/(ark

Ben

... I started out broke. I still have some left.
--- Blue Wave/DOS v2.30
 * Origin: COMM Port OS/2 juge.com 204.89.247.1 (281) 980-9671 (1:106/2000)
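
The four-NIC Linux router described at the end of the quoted text, as an added example that is not part of either poster's message: it gives each LAN card the .1 address of its network and forwards LAN traffic to the uplink only, so the three groups share the internet connection but cannot reach each other. The interface names eth0-eth3, an already-configured eth0 uplink on 192.168.10.*, and NAT on that uplink are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth0 = uplink (already
# configured on 192.168.10.*), eth1-eth3 = the three isolated LANs.
# Prints the commands by default; run as root with APPLY=1 to apply them.

WAN_IF=eth0
LANS="eth1:192.168.20 eth2:192.168.30 eth3:192.168.40"

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

build_rules() {
    # Default-deny forwarding: with no LAN-to-LAN accept rule below, this
    # policy is what keeps the three groups apart.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies to connections opened from a LAN may come back in.
    run iptables -A FORWARD -i "$WAN_IF" -m conntrack \
        --ctstate ESTABLISHED,RELATED -j ACCEPT

    for lan in $LANS; do
        ifc=${lan%%:*}
        pfx=${lan#*:}
        # One address per card, each in its own /24, so they never overlap.
        run ip addr add "$pfx.1/24" dev "$ifc"
        run ip link set "$ifc" up
        # Anti-spoofing: a LAN port may only source its own subnet.
        run iptables -A FORWARD -i "$ifc" ! -s "$pfx.0/24" -j DROP
        # LAN -> uplink only.
        run iptables -A FORWARD -i "$ifc" -o "$WAN_IF" -s "$pfx.0/24" -j ACCEPT
    done

    # Assumed: hide the three LANs behind the uplink address so the DSL
    # router needs no routes back to 192.168.20/30/40.*.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    run sysctl -w net.ipv4.ip_forward=1
}

build_rules
```

These FORWARD rules only cover traffic passing through the box; traffic addressed to the router's own .1 addresses goes through the INPUT chain and needs its own rules.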