Archived from groups: microsoft.public.windows.networking.wireless (
More info?)
On Mon, 20 Sep 2004 11:09:51 +0100, "yar" <raybright@btclick.com>
wrote:
>I have a wired network with a router and switches to four pcs in my home
>network, I have now added a wi-fi access point to allow others access to my
>internet connection.
>
>I am unsure how to stop people gaining access to my home network once they
>have connected via the access point.
>
>My pcs have fixed ip addresses so I have added these ip addresses to my fire
>walls, will this be good enough.
>
>Please help and advise.
I don't think any of this can be done that easily - but I am not an
expert so someone else might have better ideas. Any of the following
should work:
1. You have four machines. If you are using fixed IP addresses on
your local machines make sure they run sequentially and then allow
that sequence of four through the firewalls on each computer. Lock
out anything else. However this means that machines connecting to
your wireless network will also have to use fixed IP addresses.
Should one of yours be turned off and another with the same address
log in then it will get passed the firewall.
2. Set your machines to use dynamically assigned IP addresses and
turn on DCHP on your router. Use address reservation on the DCHP to
make sure that each of your four machines is always allocated the same
IP address. Set the firewalls as in (1). Other machines logging on
to the wireless system will be assigned an IP address outside the
trusted range and therefore will not have access through the
firewalls.
3. This is my favourite - do either of the above but use the
operating systems on your local machines to restrict access to your
shares. You will need to ensure each machine you use has the same
username and password for your principal account. Set your shares
only to accept access from machines presenting the right username and
password. Then no-one that is not you can actually see anything you
are sharing, they will just get an error message saying they do not
have permission to access the resource and to contact their systems
administrator.
Hope this helps.