Linux Lite Forums
Hardware - Support => Network => Topic started by: glin22 on May 06, 2016, 02:14:44 AM
-
Hi Folks,
What I'd like to do is set up a class C network of 4 computers. I want to be able to share info between all 4 of them locally but only 2 of the machines will be able to access the internet while the other 2 cannot have any internet traffic going in or out. I've spent a fair amount of time trying to read up on how I could do this but didn't really find anything that explained things in a clear way. I did find one article that had a bit of helpful info but it still isn't enough for me to solve this project.
I have 2 Linksys routers, I set the first router address to 192.168.1.1, the second router was set to a different subnet 192.168.2.1, the first router has the cable modem going into the WAN port. Then I linked up a ether cable from one of the LAN ports on the first router and had that going into the WAN port of the second router. I got a computer hooked up to the 2nd router by way of a LAN port but it still had access to the Internet. Is there any way to shut off any Internet traffic to any computers connected to the 2nd router but still have them capable of sharing stuff locally ?
Anyway, I need a bit of help from someone who knows more about how to do this as I am going around in circles. I think I can put this together if someone can get me pointed in the right direction.
Thanks,
Glin22
-
There are a few ways to accomplish.. Since your only needing 2 blocked.. You could block access via their MAC addresses using a policy.
The policy would allow local access but deny access to the internet..
If choosing this option you could condense to a single router...
You may find this under Access Restrictions or Policy..
Searched and found for an example - http://www.linksys.com/ph/support-article?articleNum=136710
If you're wanting to block anything that could connect to the 2nd router (WiFi or future devices) you could - depending on router - create a firewall rule on that router blocking those ports.. (80,8080,443, etc...)
A couple ideas...
-
glin22,
It would seem to me that you would just leave off the gateway address on the computers you don't want to access the Internet.
You can have all 4 computers on the same class C network connected to the switchports (ie. Ethernet ports) of the same router. But for the 2 computers you don't want going to the Internet, just statically configure their network settings for the same Class C network, and leave off the gateway address. In other words, for the 2 computers you don't want to access the internet, you only need to configure their IP address and subnet mask. Do not configure any DNS Server entries or the Gateway IP address.
The Gateway address (ie. the router's IP address) is the gateway, or the doorway, to the Internet. Without that doorway, those 2 computers have no path to the Internet. But with the IP addresses and subnet masks configured, they will be able to communicate with devices on that local class C network only, which is what you say you want.
Cheers.
-
[HELPFUL TIP] Networking between linux pcs[linux lite forum ...network]
This also works with windows /linux found this very useful and secure
cheers mike
-
miken242,
Directing glin22 to your Nitroshare post at this link (https://www.linuxliteos.com/forums/network/networking-between-linux-pcs-information/) is a partial answer. It addresses sharing between glin22's 4 computers, but it does not address the concern glin22 has to leave 2 of the 4 computers free of Internet access. To accomplish that part, I still say leave the PC's you don't want to connect to the Internet free of DNS and gateway configurations. In other words, leave those settings blank on the computers you don't want to access the Internet.
-
torreydale's solution will work... But I would add; locking the "user" profile so that they couldn't add the gateway back into the settings, if this is a concern... This too could be accomplished with just 1 router...
Guess it depends on how your planning on using..
Just for yourself, testing/lab - For various end users, like a classroom - PC's in the house for the kiddies to play on..
And do you require the 2 routers or can it be condensed (curiosity)..
Many ways to skin this cat :)
-
Thanks very much for the replies !
You know, last night I spent another 3 hours searching for info but all I get is bits and pieces, nothing where I can get the complete context. The other problem is I don't know what the network I am trying to put together is called. Part of it is a private Intranet and the other is WAN,
As some of you said, maybe I can set up a policy where only certain computers have access. Maybe I don't need an additional router, maybe everything can be on the same subnet and just have those policies installed.
Well, at least I have more to go on now, will report back when I try out some of the things you mentioned.
Glin22
-
Woo Hoo !
Last night I got the version of this working on the same router by setting up the mac address of the computer I didn't want to have internet access. But at first it didn't want to work, I fiddled around for about 10 min until I realized that I was denying the policy ! I was so fixated on the idea of denying any internet access that I didn't clearly read what the router was saying !! Haha ! I was denying the policy ! As soon as I set that to accept, it worked fine.
So now I am going to see if I can get torreydale's version of it working. Torreydale, your explanation of the situation was better than what I got out there on the internet, it helped ! Thanks !
@firenice3 Your question about whether it could be condensed....I just had a bunch of equipment given to me so I have 3 routers along with a bunch of other stuff to play around with, I just thought that was the only way of doing it.
But like you people said, there's a bunch of ways to skin the cat. Youz peoplez are turning me into a good cat skinna ! ;D
-
;D ;D :D :D :P :P
Good to hear... Keep skinnin
-
2 for 2, Got the other cat skinned... ;D
The network also works with taking out the gateway on the machine I don't want to have going out to the internet. I didn't know you can just leave out the gateway on a computer, that was nice to know.
But my situation is a bit funny now...yes, I can get what I wanted with 1 router but now I have other things I want to have networked so it looks like I might need the router for extra ports to put stuff on, 4 ain't enough now, haha !
If I do hook up another router for the extra ports and the 2 routers are on different subnets, can local access be gained on everything ? Or is the local traffic on a specific subnet limited to devices hooked up to only that specific subnet ?
Anyway, things are going much better than before.
Glin22
-
Hi,
You don't need another router, that will just add complexity.
You can use an ethernet switch, cheap one will do.
for 100Mb: One like this. (https://www.amazon.co.uk/dp/B000FNFSPY/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=569136327&pf_rd_s=lpo-top-stripe&pf_rd_t=201&pf_rd_i=B0000E5SEQ&pf_rd_m=A3P5ROKL5A1OLE&pf_rd_r=W3KR1VKTTSQD4GFXPCFA)
or for 1Gb: One like this (https://www.amazon.co.uk/D-Link-Gigabit-Desktop-Switch-GO-SW-5G/dp/B008PC1FYK/ref=sr_1_1?s=computers&ie=UTF8&qid=1462699469&sr=1-1&keywords=gigabit+switch+5+port)
Then 1 ethernet cable from your existing router into the switch, and you now have 4 more ports.
No need to do any config changes. Just plug into new ports.
The only thing to take care of/consider...
If you are using DHCP on the router.?, make sure you have allowed enough addresses. :)
-
Hi,
You don't need another router, that will just add complexity.
You can use an ethernet switch, cheap one will do.
for 100Mb: One like this. (https://www.amazon.co.uk/dp/B000FNFSPY/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=569136327&pf_rd_s=lpo-top-stripe&pf_rd_t=201&pf_rd_i=B0000E5SEQ&pf_rd_m=A3P5ROKL5A1OLE&pf_rd_r=W3KR1VKTTSQD4GFXPCFA)
or for 1Gb: One like this (https://www.amazon.co.uk/D-Link-Gigabit-Desktop-Switch-GO-SW-5G/dp/B008PC1FYK/ref=sr_1_1?s=computers&ie=UTF8&qid=1462699469&sr=1-1&keywords=gigabit+switch+5+port)
Then 1 ethernet cable from your existing router into the switch, and you now have 4 more ports.
No need to do any config changes. Just plug into new ports.
The only thing to take care of/consider...
If you are using DHCP on the router.?, make sure you have allowed enough addresses. :)
That's handy to know, thanks for the input.
But I didn't want to go out and pay for extra equipment, I found out there's a way to extend the router and use it like a switch. I set the second router on a different IP address, then I connected up one of the LAN ports from the first router to a LAN port on the second router. I then turned off DHCP on the 2nd router. So far, everything seems to work and I now have 7 ports to play with instead of 4 without having to buy anything additional. But your idea is good if I want to add even more stuff.
I don't know, maybe there's a way to have the first router connect up to the WAN port on the 2nd router and then have 8 ports instead of 7, don't know how that's done. But at least I have 7 ports to play with now.
Glin22
Glin22
-
@ glin22
Glad you almost have it sorted.. Yes certain modem/routers can be configured to just use the router part...
A useful tool when having a large network is "Angry IP Scanner (http://angryip.org/)" used it for years on Windows, now on Linux.
It's in synaptic "ipscan" but it's about 18 months old. You can get the latest .deb (http://angryip.org/download/#linux) from the website, Jan this year.
GL
-
@ glin22
Glad you almost have it sorted.. Yes certain modem/routers can be configured to just use the router part...
Just to add to... You can disable WiFi from the settings, so only 1 router is addressing those devices (especially if next each other..)
Some "helpful" info with may help in what the "routers" are doing and how different connections work..
http://superuser.com/questions/936062/expanding-wireless-coverage-what-are-the-differences-between-lan-to-lan-and-lan
Trying to keep it simple ;) depending on your equipment you can really get crazy :P
-
@ glin22
Glad you almost have it sorted.. Yes certain modem/routers can be configured to just use the router part...
Just to add to... You can disable WiFi from the settings, so only 1 router is addressing those devices (especially if next each other..)
Some "helpful" info with may help in what the "routers" are doing and how different connections work..
http://superuser.com/questions/936062/expanding-wireless-coverage-what-are-the-differences-between-lan-to-lan-and-lan
Trying to keep it simple ;) depending on your equipment you can really get crazy :P
@Firenice03, those are golden words you just said, simple is a great thing ! Last night I found a few more networking sites, did more reading and I could spend weeks fiddling around with other settings. I think part of the solution I want is to fiddle a bit with the subnet mask, I'm going to try that and then call it quits for the time being. I achieved what I wanted to do (thanks to the people who gave feedback), it's a big deal for me, kinda like when I got 2 monitors, this ability to hang some extra devices on the network opens up new vistas !
Glin22
-
@ glin22
Glad you almost have it sorted.. Yes certain modem/routers can be configured to just use the router part...
Just to add to... You can disable WiFi from the settings, so only 1 router is addressing those devices (especially if next each other..)
Some "helpful" info with may help in what the "routers" are doing and how different connections work..
http://superuser.com/questions/936062/expanding-wireless-coverage-what-are-the-differences-between-lan-to-lan-and-lan
Trying to keep it simple ;) depending on your equipment you can really get crazy :P
@Firenice03, those are golden words you just said, simple is a great thing ! Last night I found a few more networking sites, did more reading and I could spend weeks fiddling around with other settings. I think part of the solution I want is to fiddle a bit with the subnet mask, I'm going to try that and then call it quits for the time being. I achieved what I wanted to do (thanks to the people who gave feedback), it's a big deal for me, kinda like when I got 2 monitors, this ability to hang some extra devices on the network opens up new vistas !
Glin22
;D ;D ;D ;D ;D ;D
Like the URL mentioned "home use" routers are more than just a router - DHCP/DNS servers and firewalls... Lots to play with and depending on your model & firmware many other options available too...
Since you mentioned these were new to you - acquired equipment.. You may want to look at dd-wrt (http://www.dd-wrt.com/site/index) you maybe able to flash it..
I did on an old linksys router, I use for camping (campgrounds) :)
And... dd-wrt is a Linux based firmware :P