Separated internal and external network

ocian

Looking for a little help or advice on whether or not this can be done:

I have a small LAN set up through a switch which lets several computers share files on a Windows workgroup. This network is not hooked up to the internet.

I also have a router which serves access to the internet.

What I want:
I would like to know a good way to allow computers to communicate with each other over the workgroup while still remaining separate from any outgoing communication at the hardware level.

What I have tried:
The computers each have two NIC cards in them. I assigned a specific IP range to the switch (say 10.0.1.1) and assigned a different IP range for the router (say 10.0.0.1).
I then set up static IP addresses for each NIC to correspond with the appropriate IP ranges (10.0.1.2 for the switch network and 10.0.0.2 for the router). I then set up a workgroup for the computers to share on. The computers are able to access the internet through the router-assigned NIC.

The Problem:
It seems that the computers are not seeing each other over the workgroup. I can ping each computer successfully using their IP address assigned for the switch as well as successfully pinging the switch itself. I am also unsure if workgroups are assigned to the NIC or if one computer can only be on one workgroup.

In brief summary, I want to keep my LAN separated from any internet traffic, preferably at a hardware level. I'm wondering if there is a better way to do it than what I have tried, otherwise the best alternative. I hope any of this made sense and hope someone could direct me in resolving this.

Thanks
 
so you have some computers that you don't want to have access to the internets. then you have some other computers that can access the internets. then you want all of these computers to be able to share files with each other? Is that correct?
 
What kind of Switch and what kind of router?
if it's a layer 2 managed switch and a decent router you can set up 2 VLANs, 1 for internet traffic and 1 for internal network sharing...

if it's a decent router you could do Access control lists but that would be kind of a pain in the ass...

List your equipment and people may be able to give you some better hints on what you can do with it :)
 
I have an Asante IntraSwitch and a Netgear Rangemax(?) wireless router.

Captain Colonoscopy: Yes that's pretty much correct.
 
quick and dirty way would be to drop the idea of multiple nics. give every machine one nic. connect every nic to the same switch. connect the router to the switch. enable dhcp on the router. this will take care of all the machines you want to be able to access the internet. then, for the machines you don't want to be able to access the internet, assign them a static address, manually configure them, and just don't give them a default gateway. this way, they won't have internet access, but will be able to access everything locally - subject to any permissions you put at the share/folder level obviously.

edit: can't see why you would want to keep the environments 'separate'...if you're doing it for security reasons then what you want to achieve wouldn't actually give you any security...since if machines that are connected to the internet have connectivity to machines that aren't then if the internet connected machines get hosed then the ones that don't will likely end up hosed too anyway as they are on the same network. if you want proper segregation between the environments then you really need to be firewalling them off. that said, if you are going to firewall them off but then still want to use file sharing between them you may as well not bother firewalling them in the first place. unless you have some other reason for segregating them, the solution i posted above is probably the easiest to live with.
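
The point made in the post above, as an added example that is not part of the original thread: a small Python audit of a host table showing that a machine without a default gateway (or on the switch-only subnet) is still directly reachable from every internet-connected machine that shares a subnet with it. The host names and all addresses other than 10.0.0.1 and 10.0.1.2 are constructed for illustration.

```python
# Added example: the host table below is constructed, not taken from the thread.
import ipaddress

ROUTER = ipaddress.ip_address("10.0.0.1")  # router address used in the thread

# host name -> list of (interface address/prefix, default gateway or None)
HOSTS = {
    "pc-a": [("10.0.0.2/24", "10.0.0.1")],   # single NIC, gateway set
    "pc-b": [("10.0.0.3/24", "10.0.0.1")],
    "files": [("10.0.0.50/24", None)],       # static address, no default gateway
    "dual": [("10.0.0.4/24", "10.0.0.1"),    # two NICs, as in the original setup
             ("10.0.1.2/24", None)],
    "lan-only": [("10.0.1.3/24", None)],     # attached to the switch-only network
}

def nets(host):
    """Set of IP networks the host has an interface in."""
    return {ipaddress.ip_interface(addr).network for addr, _ in HOSTS[host]}

def has_internet(host):
    """True if some NIC uses the router as default gateway and it is on-link."""
    for addr, gw in HOSTS[host]:
        if gw is None:
            continue
        gateway = ipaddress.ip_address(gw)
        # A gateway outside the NIC's own subnet is unusable, so it does not count.
        if gateway == ROUTER and gateway in ipaddress.ip_interface(addr).network:
            return True
    return False

def exposed_offline_hosts():
    """Map each host without internet access to the internet-capable hosts
    that share a subnet with it and can therefore reach its file shares."""
    online = [h for h in HOSTS if has_internet(h)]
    exposure = {}
    for host in HOSTS:
        if has_internet(host):
            continue
        exposure[host] = sorted(o for o in online if nets(o) & nets(host))
    return exposure

if __name__ == "__main__":
    for host, peers in exposed_offline_hosts().items():
        print(f"{host}: no internet route, reachable from {', '.join(peers) or 'nobody'}")
```

An empty list for a host means no internet-connected machine shares a subnet with it; any non-empty list is a path that only a firewall or VLAN policy between the two groups would close.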
 
I did a quick googler on Asante IntraSwitch, looks like some models support port-based VLANs. You could set up the groups on two different VLANs and then only allow internets on the one VLAN.
 