Single directional access?

[Six Eyed Smily]

I have two networks, netork a and network b, connected with two routers like so:

wan
|
router 1 ----- network a
|
|
|
router 2 ----- network b

ideally, network a would be able to have full access to network b, but not the other way around.

network b needs to access the WAN, but must not be able to access network a.

what is the best way to achieve this?

oh - most machines are win98se and there is no network server ( )

[confus-ed]

what is the best way to achieve this?

Err with a server ? - what clients do we have besides 98 se ? - we want something like xp pro so we can use ACL's (access control lists) & do 'complex' filesharing

[Six Eyed Smily]

yeah i know, however budget constraints prohibit a server. these same budget constraints also mean that upgrading the network to xp pro is not an option either :*( there is one xp pro box but unfortunately it is rarely on, and due to its location cannot be left on most of the time.

i was hoping to do it with some clever static routes on router 1, is this likely to work?

[InTheWayBoy]

Couldn't you setup a firewall on the machines on Network A to deny access from Network B? I would assume you can do this, but still allow access to Network B if the firewall is setup right...

Then again, that may be impossible, or out of the scope of the free version of most firewalls. Just an idea though...good luck!

[confus-ed]

..ideally, network a would be able to have full access to network b, but not the other way around.

network b needs to access the WAN, but must not be able to access network a.

So can you define this a bit better ? do we really, really need access to 'everything' ? Otherwise I was gonna suggest you use your sole xp client, turn on 'complex' file sharing (well NOT use simple filesharing really ) & use that as a 'file server' - best I can currently think of as a 'no cost solution' here

As for using routing somehow, maybe with IP blocking on the routers somehow ? (this'll be hard though if you use dhcp, but might be okay with static addressing - I can't say I've considered this before, as this situation screams' I need a central server please' to me )

[Six Eyed Smily]

thanks for your help . have looked into it further, and have managed to get it working using firewall rules on router 2, which is not ideal but will do. the only problem i have left is that the print server uses the LPR protocol, but i am unsure on which port this operates. how can i find out?

also are there any basic free ftp servers for win98se?

[confus-ed]

thanks for your help . have looked into it further, and have managed to get it working using firewall rules on router 2, which is not ideal but will do. the only problem i have left is that the print server uses the LPR protocol, but i am unsure on which port this operates. how can i find out?

also are there any basic free ftp servers for win98se?

Welcome of course ..

File & print sharing is on port 139 ? but I now see 'everything' doesn't need shared, so yup ftp server will do that (& put the 'needing sharing' stuff on that - good thinking )..

Now free ftp server s/w .. well this used to be easy, but now all the 'good uns' charge .. IIS for a 'laughable suggestion' , Blaze FTP ? , & a few 'maybes' here - though I'd just 'lash' for something like Cuteftp Or 'whatever' to get some 'official' support (shouldn't be so dear ?)

[Six Eyed Smily]

that would be a free ftp server, not client. sorry.

[confus-ed]

that would be a free ftp server, not client. sorry.

Many of the clients will have server versions too, I was only doing 'vague suggestions' so some more suggestions ! - on this list, Cerberus is really free (thats ok), serve-u (used to be freeware & now isn't) & GuildFTPD (freeware) I think are worth a 'mooch' ..

[Six Eyed Smily]

cheers - cerberus looks ideal - low cpu usage will come in handy too. as it is behind a whole stack of firewalls and NAT boxes, security isnt really an issue.


the printer port - windows file and printer sharing is on 139. however LPR is a unix protocol, and from what i can gather from googling it seems to be able to operate on a variety of ports. my print server is short on documentation, which doesnt help.

any ideas?

[confus-ed]

the printer port - windows file and printer sharing is on 139. however LPR is a unix protocol, and from what i can gather from googling it seems to be able to operate on a variety of ports. my print server is short on documentation, which doesnt help.

any ideas?

(So still trying to keep 'free' in mind) ..Perhaps put a s/w firewall client on one of the pc's, like kerio or za, put on the 'ask/learn' feature & then it should ask if the port traffics allowed if you try a print .. if you are using a range of ports, a few sheets of paper printed out should at least give you a start ?

[Six Eyed Smily]

now thats a good suggestion. will give that a go.

wish companies wouldnt try to be so 'user friendly' that they dont give you any information also wish this client had a larger budget. ahh well.

[Bigtimbre]

cheers - cerberus looks ideal - low cpu usage will come in handy too. as it is behind a whole stack of firewalls and NAT boxes, security isnt really an issue.


the printer port - windows file and printer sharing is on 139. however LPR is a unix protocol, and from what i can gather from googling it seems to be able to operate on a variety of ports. my print server is short on documentation, which doesnt help.

any ideas?

if you can print out a configuration page, that should list the port. Alternatively, if you have machines that currently print to this device, you can check the port set up on the individual workstations, and that should tell you which one the printer is listening on...

[Six Eyed Smily]

turns out its on port 515 -thanks.

[confus-ed]

turns out its on port 515 -thanks.

Are you all 'good to go' now then ? Is that case closed ?