|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Sharing internet but not files on WifiI have often enjoyed the 'hospitality' of others by surfing the web on their
wifi networks, and therefore wish to reciprocate so that anyone can surf on my network. I do not, however, wish to compromise my security. Is it possible to allow open access to the internet through my network while restricting access to shared files so that they are only accessible to authorised users? Thanks Yes it is possible, to setup your network this way. Basically you set your
access point up without security, and set to broadcast the SSID. Then you set your computers up to require a user name and a password. Note that because any and all have access to your wireless connection that this will make it easier to crack the security on your computers. Be sure to disable the anyone account, and on windows XP go to My Computer | Tools | Folder Options | View | and in the Advance settings box scroll to the bottom and uncheck "use simple file sharing (Recommended) for each folder shared with a hand under it. -- Show quoteHide quoteDavid Hettel Please post any reply as a follow-up message in the news group for everyone to see. I'm sorry, but I don't answer questions addressed directly to me in E-mail or news groups. Microsoft Most Valuable Professional Program http://mvp.support.microsoft.com DISCLAIMER: This posting is provided "AS IS" with no warranties, and confers no rights "Deejay" <Dee***@discussions.microsoft.com> wrote in message news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... >I have often enjoyed the 'hospitality' of others by surfing the web on >their > wifi networks, and therefore wish to reciprocate so that anyone can surf > on > my network. I do not, however, wish to compromise my security. > > Is it possible to allow open access to the internet through my network > while > restricting access to shared files so that they are only accessible to > authorised users? > > Thanks Thanks for the reply. I cannot find 'use simple file sharing' in the View,
Advanced scroll box. I have XP Home. Is that the reason? Show quoteHide quote "David Hettel" wrote: > Yes it is possible, to setup your network this way. Basically you set your > access point up without security, and set to broadcast the SSID. Then you > set your computers up to require a user name and a password. Note that > because any and all have access to your wireless connection that this will > make it easier to crack the security on your computers. Be sure to disable > the anyone account, and on windows XP go to My Computer | Tools | Folder > Options | View | and in the Advance settings box scroll to the bottom and > uncheck "use simple file sharing (Recommended) for each folder shared with a > hand under it. > > -- > David Hettel > > Please post any reply as a follow-up message in the news group > for everyone to see. I'm sorry, but I don't answer questions > addressed directly to me in E-mail or news groups. > > Microsoft Most Valuable Professional Program > http://mvp.support.microsoft.com > > DISCLAIMER: This posting is provided "AS IS" with no warranties, and > confers no rights > > "Deejay" <Dee***@discussions.microsoft.com> wrote in message > news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... > >I have often enjoyed the 'hospitality' of others by surfing the web on > >their > > wifi networks, and therefore wish to reciprocate so that anyone can surf > > on > > my network. I do not, however, wish to compromise my security. > > > > Is it possible to allow open access to the internet through my network > > while > > restricting access to shared files so that they are only accessible to > > authorised users? > > > > Thanks > > > Correct, Windows XP Home does not have the same networking features as XP
Pro. Another option for added security would be to purchase a second wireless router, that would have security setup on it, for your network. Router 1 would be directly connected to your hi-speed connection and would provide free access to the Internet, it can be inexpensive, set it up to put router 2 in the DMZ. Router 2 should have a firewall, and it's firewall will protect you from the public on the internet, as well as anyone logged into your free access point. Cable/DSL Modem | Wireless router 1 open no security IP range 192.168.2.1 | Wireless router 2 Secure IP range 192.168.2.1-- Show quoteHide quoteDavid Hettel Please post any reply as a follow-up message in the news group for everyone to see. I'm sorry, but I don't answer questions addressed directly to me in E-mail or news groups. Microsoft Most Valuable Professional Program http://mvp.support.microsoft.com DISCLAIMER: This posting is provided "AS IS" with no warranties, and confers no rights "Deejay" <Dee***@discussions.microsoft.com> wrote in message news:7763DEEA-FD98-4FDC-843D-699C25CECCB6@microsoft.com... > Thanks for the reply. I cannot find 'use simple file sharing' in the View, > Advanced scroll box. I have XP Home. Is that the reason? > > "David Hettel" wrote: > >> Yes it is possible, to setup your network this way. Basically you set >> your >> access point up without security, and set to broadcast the SSID. Then you >> set your computers up to require a user name and a password. Note that >> because any and all have access to your wireless connection that this >> will >> make it easier to crack the security on your computers. Be sure to >> disable >> the anyone account, and on windows XP go to My Computer | Tools | Folder >> Options | View | and in the Advance settings box scroll to the bottom and >> uncheck "use simple file sharing (Recommended) for each folder shared >> with a >> hand under it. >> >> -- >> David Hettel >> >> Please post any reply as a follow-up message in the news group >> for everyone to see. I'm sorry, but I don't answer questions >> addressed directly to me in E-mail or news groups. >> >> Microsoft Most Valuable Professional Program >> http://mvp.support.microsoft.com >> >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and >> confers no rights >> >> "Deejay" <Dee***@discussions.microsoft.com> wrote in message >> news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... >> >I have often enjoyed the 'hospitality' of others by surfing the web on >> >their >> > wifi networks, and therefore wish to reciprocate so that anyone can >> > surf >> > on >> > my network. I do not, however, wish to compromise my security. >> > >> > Is it possible to allow open access to the internet through my network >> > while >> > restricting access to shared files so that they are only accessible to >> > authorised users? >> > >> > Thanks >> >> >>
Show quote
Hide quote
"Deejay" <Dee***@discussions.microsoft.com> wrote in message The way I do that is to configure the XP SP2 Windows Firewall so only news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... >I have often enjoyed the 'hospitality' of others by surfing the web on >their > wifi networks, and therefore wish to reciprocate so that anyone can surf > on > my network. I do not, however, wish to compromise my security. > > Is it possible to allow open access to the internet through my network > while > restricting access to shared files so that they are only accessible to > authorised users? > > Thanks specific IP addresses on my home LAN can access each other. That is configured as a custom address scope for File & Print Sharing. http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallCustomScope.JPG Of course this means using static IP addresses on your LAN. In the case of my laptop my router assigns an IP based on its MAC Address, a pseudo static IP so to speak. In the example, this is on my desktop PC, the allowed addresses are as follows.. 10.8.0.12 wife's desktop 10.8.0.31 remote OpenVPN client PC #1 10.8.0.32 remote OpenVPN client PC #2 10.8.0.101 my laptop http://theillustratednetwork.mvps.org/LAN/TheIllustratedNetworkLAN.htm With that scheme guests can access my home LAN and the public internet, after I give them the appropriate WPA key of course, but not access shared files/folders on my desktop PCs. By the way I always run my laptop so the XP SP2 Windows Firewall is configured for NO exceptions. I basically set-it-and-forget-it. That way I am protected while away from home and connected to open wireless hotspots. If I need to get a file from a desktop to my laptop I initiate the file transfer from my laptop... http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallNoExceptions.JPG -- Al Jarvi (MS-MVP Windows Networking) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... It appears that your solution is to grant individual access even for the web.
Ideally, I wish web access through my network to be free for all but access to shared files only to the computers within my home. Show quoteHide quote "Sooner Al [MVP]" wrote: > "Deejay" <Dee***@discussions.microsoft.com> wrote in message > news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... > >I have often enjoyed the 'hospitality' of others by surfing the web on > >their > > wifi networks, and therefore wish to reciprocate so that anyone can surf > > on > > my network. I do not, however, wish to compromise my security. > > > > Is it possible to allow open access to the internet through my network > > while > > restricting access to shared files so that they are only accessible to > > authorised users? > > > > Thanks > > The way I do that is to configure the XP SP2 Windows Firewall so only > specific IP addresses on my home LAN can access each other. That is > configured as a custom address scope for File & Print Sharing. > > http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallCustomScope.JPG > > Of course this means using static IP addresses on your LAN. In the case of > my laptop my router assigns an IP based on its MAC Address, a pseudo static > IP so to speak. In the example, this is on my desktop PC, the allowed > addresses are as follows.. > > 10.8.0.12 wife's desktop > 10.8.0.31 remote OpenVPN client PC #1 > 10.8.0.32 remote OpenVPN client PC #2 > 10.8.0.101 my laptop > > http://theillustratednetwork.mvps.org/LAN/TheIllustratedNetworkLAN.htm > > With that scheme guests can access my home LAN and the public internet, > after I give them the appropriate WPA key of course, but not access shared > files/folders on my desktop PCs. > > By the way I always run my laptop so the XP SP2 Windows Firewall is > configured for NO exceptions. I basically set-it-and-forget-it. That way I > am protected while away from home and connected to open wireless hotspots. > If I need to get a file from a desktop to my laptop I initiate the file > transfer from my laptop... > > http://theillustratednetwork.mvps.org/ScreenShots/SP2WindowsFirewall/FirewallNoExceptions.JPG > > -- > > Al Jarvi (MS-MVP Windows Networking) > > Please post *ALL* questions and replies to the news group for the > mutual benefit of all of us... > The MS-MVP Program - http://mvp.support.microsoft.com > This posting is provided "AS IS" with no warranties, and confers no > rights... > > "Deejay" <Dee***@discussions.microsoft.com> wrote in message If you want unlimited free access to the public internet through your home news:5DF9A4FE-3B87-4796-9998-D4BABFD1524C@microsoft.com... > It appears that your solution is to grant individual access even for the > web. > Ideally, I wish web access through my network to be free for all but > access > to shared files only to the computers within my home. > > "Sooner Al [MVP]" wrote: > > wireless router then simply disable any security your using, ie. WPA or WEP. Personally I advise against that... The way I read your original post is you want unlimited access to the public internet through your home wireless router for guests but block those guests from accessing shared files/folders on your personal PCs, correct? If so then the firewall scheme I gave you will do that as long as you turn off/disable encryption. Otherwise David's suggestion about a second router would work as would a new router that supports multiple Virtual LANs (VLANS)... -- Al Jarvi (MS-MVP Windows Networking) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... Hi
The best way (as mentioned by David above) is to segregate your Network, given the current price of Wireless Cable/DSL Routers it is a good investment. http://www.ezlan.net/segregation.html Otherwise, use Software Firewall on each computer; assign static IP to each computer on your Network within a given band (like 192.168.100.1 to 192.168.100.x ). Assign another band with DHCP for guests (like 192.168.20.1 to 192.168.20.x). Put your static band into the Trusted Zone of the Software Firewall on each computer. Voila, Guests would be able to access the Internet, but will be "banned" from your computers. Jack (MVP-Networking). Show quoteHide quote "Deejay" <Dee***@discussions.microsoft.com> wrote in message news:3975858E-5118-4A4B-B401-8EE9A7656B3E@microsoft.com... >I have often enjoyed the 'hospitality' of others by surfing the web on >their > wifi networks, and therefore wish to reciprocate so that anyone can surf > on > my network. I do not, however, wish to compromise my security. > > Is it possible to allow open access to the internet through my network > while > restricting access to shared files so that they are only accessible to > authorised users? > > Thanks Jack (MVP-Networking). <J***@discussiongroup.com> wrote:
<snip> > Otherwise, use Software Firewall on each computer; assign static IP to each In that case, can a guest not just assign themselves a ip-address from> computer on your Network within a given band (like 192.168.100.1 to > 192.168.100.x ). > > Assign another band with DHCP for guests (like 192.168.20.1 to > 192.168.20.x). > > Put your static band into the Trusted Zone of the Software Firewall on each > computer. > > Voila, Guests would be able to access the Internet, but will be "banned" > from your computers. the static band and gain access? 
Other interesting topics
I have 2 wireless cards with the same MAC address at the hotel
Wiring problem? Please help Using wireless router in place of wired router ? WPA problems Wireless disconnects constantly How to measure signal strength? Strange problem using Wireless connection Network key changes itself networking my two wireless computers |
|||||||||||||||||||||||
