Want to set up public and private areas in network

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Al Wei

Thread Starter
Joined
Aug 11, 2001
Messages
36
I own a restaurant and currently have a DSL connection that is networked for my POS system and internal computers running Win XP. DSL line comes into a 2-Wire wireless router which is connected to a couple of hubs for wired network. Currently, everything works including wireless access. I would like to be able to offer both wired and wireless access to customers but want to keep them out of my internal network. What is the best way to do this? Do I need additional hardware? Do I need additional software? Or is this just a router setup issue? Is there somewhere on the web where I can get educated on this subject?

Thanks everyone for any insight you can share.
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
80,624
Does your business depend on your computers, your LAN and your internet access? If so I recommend that you get another DSL line and have a completely different service or else hire a professional who knows networking to set it up to your specifications.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
If you'd like to have a "secured" network, and then have one that can be customer accessed, it's pretty easy.

You need to connect a second router to one of the network ports of the existing 2-Wire router, and connect all the secure site equipment to this new router. The customers will access the wireless and wired connections connected directly to the 2-Wire router. This gives you a NAT layer to keep the customers out of your network, but still allows you Internet access. You can configure the second router to be in the DMZ of the primary router if you need to forward ports for server applications on the private network.
 

Al Wei

Thread Starter
Joined
Aug 11, 2001
Messages
36
John & Terry, thanks...
I'm very new to networking (yet, I was able to set up the original network) so can you please explain NAT, DMZ, and "forward ports"? Or refer me to a networking for dummies website where I can get a little educated?

For the private network, I only use DSL for internet access for credit card processing and web access.
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
80,624
For those terms your (or any) router's User Guide should suffice. "Forward ports" may be covered under "virtual server."
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
DMZ - (DeMilitarized Zone) A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet. Also called a "perimeter network," the DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall. Organizations typically place their Web, mail and authentication servers in the DMZ. DMZ is a military term that refers to the area between two enemies.

NAT - In computer networking, network address translation (NAT, also known as network masquerading or IP-masquerading) is a technique in which the source and/or destination addresses of IP packets are rewritten as they pass through a router or firewall. It is most commonly used to enable multiple hosts on a private network to access the Internet using a single public IP address.

Port forwarding - (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.

Port forwarding allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN.

For example:

- forwarding port 8000 on the router to a user's machine allows SHOUTcast streaming
- forwarding ports 5000 through 6000 to a user's machine allows the use of Unreal Tournament

Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain.

Some common caveats with port forwarding include:

- the need to forward the packets that come to the router's forwarded port as well as the need to rewrite them so that the machine to which the port is forwarded can reply to the original source address, which in turn leads to
- the inability of the destination (private) machine to see the actual originator of the forwarded packets, and instead see them as if originating from the router
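
A toy Python model of the NAT and port-forwarding behaviour described above, added here as an illustration and not part of the original post; the `Packet` and `NatRouter` names and all addresses are constructed. It shows why the second router drops unsolicited traffic from the guest side, that a forwarded port is reachable from the guest side too, and how source rewriting hides the real originator.

```python
# Added illustration: a toy model of one NAT router, not real firewall code.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatRouter:
    wan_ip: str                     # side facing the 2-Wire / guest network
    lan_ip: str                     # side facing the private network
    forwards: dict = field(default_factory=dict)   # WAN port -> (host, port)
    conntrack: dict = field(default_factory=dict)  # WAN port -> original flow
    snat_forwarded: bool = False    # also rewrite the source on forwarded packets
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source (NAT) and remember the flow."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[port] = pkt
        return Packet(self.wan_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: pass only tracked replies and forwarded ports."""
        flow = self.conntrack.get(pkt.dport)
        if flow and (flow.dst, flow.dport) == (pkt.src, pkt.sport):
            return Packet(pkt.src, pkt.sport, flow.src, flow.sport)
        if pkt.dport in self.forwards:              # port forward (DNAT)
            host, port = self.forwards[pkt.dport]
            src = self.lan_ip if self.snat_forwarded else pkt.src
            return Packet(src, pkt.sport, host, port)
        return None                                 # unsolicited: dropped

def demo():
    inner = NatRouter(wan_ip="192.168.1.50", lan_ip="10.0.0.1")
    guest, pos, remote = "192.168.1.77", "10.0.0.20", "203.0.113.9"
    probe = Packet(guest, 51000, inner.wan_ip, 8000)
    blocked = inner.inbound(probe)                  # no forward yet
    out = inner.outbound(Packet(pos, 3000, remote, 443))
    reply = inner.inbound(Packet(remote, 443, out.src, out.sport))
    inner.forwards[8000] = (pos, 8000)              # open one forwarded port
    dnat_only = inner.inbound(probe)                # server sees the guest's IP
    inner.snat_forwarded = True
    dnat_snat = inner.inbound(probe)                # server sees the router's IP
    return blocked, out, reply, dnat_only, dnat_snat
```
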
 

Al Wei

Thread Starter
Joined
Aug 11, 2001
Messages
36
Thank you very much for the detailed explanation. We'll have to see whether this dummy can learn new tricks. :)
 