SmokingRope Posted July 5, 2006 Share Posted July 5, 2006 I am connected to a cable modem with a router which serves ip addresses to the rest of the computers in my home. My router is running windows 2000 and uses the windows 2000 dhcp server to assign addresses.I have 3 network adapters in total on my router and would like to use this third adapter in conjunction with a wireless AP to provide 'insecure public access' to the internet. I want to do this while keeping my home network invisible to the wireless users. I'd like to use the ip addresses 192.168.1.0/24 and 192.168.2.0/24 for the home and wireless networks. I have tried but been unable to define two scopes on my dhcp server which each bind to a single(different) network adapter.Once i have the two distinct subnets being served i'd like to ensure through the windows 2000 routing/remote access service that no packets can be transmitted to my home network from the wireless network. Is this at all possible and what must i do to set it up? Link to comment Share on other sites More sharing options...
tain Posted July 6, 2006 Share Posted July 6, 2006 On the adapter in question, ensure it has a static IP in the subnet (scope) that you want. The DHCP server will receive DHCP requests on that interface and assign an IP in that subnet. The client couldn't get connectivity otherwise since it would be unable to reach the router's interface. I don't think you need to manually bind a scope to an adapter although that would be cool.Personally, I would go with static for your stuff and bind the DHCP *server* (as opposed to the scope) to the adapter hosting the AP.You could also try clustering and binding two DHCP servers to different adapters.Being on two different subnets will logically separate the networks as long as you have the netmasks setup properly. Link to comment Share on other sites More sharing options...
RogueSpear Posted July 6, 2006 Share Posted July 6, 2006 Clustering w/ W2K requires Advanced Server last I knew. If you can afford two computer, two W2K AS licenses, the wasted electricity to run those two servers, etc (I think you get the idea) just to perform routing in a home environment then:a.) you have too much moneyb.) you must be a lab rat studying for cert exams I see nothing wrong with your methodology.. but doesn't it seem a bit like killing flies with a shotgun? Link to comment Share on other sites More sharing options...
tain Posted July 6, 2006 Share Posted July 6, 2006 It didn't seem that crazy at the time But yeah, that was overboard; which is funny to me since I have been known to call for toned-down suggestions that don't go beyond the scope (har har) of the home office.My only excuse is that SR's post is more advanced than grandma that needs to power cycle her router.And, yeah, clusters require 2kAS.but doesn't it seem a bit like killing flies with a shotgun?When you absolutely, positively got to kill every FLY in the room, accept no substitutes Link to comment Share on other sites More sharing options...
RogueSpear Posted July 7, 2006 Share Posted July 7, 2006 In thinking about it, you could probably pick up an optioned out Cisco router on eBay for a good price. Link to comment Share on other sites More sharing options...
SmokingRope Posted July 7, 2006 Author Share Posted July 7, 2006 Well i got it working.As it turns out. The only real restriction with the dhcp clients is you can't use two adapters for the same subnet.So I have my two internal adapaters setup as 192.168.1.1 and 192.168.2.1 - Each of these automatically distribute dhcp scopes within their given subnets and nothing else. This was the part that was unclear to me at first. Apparently the binding is for some case where two adapters both have statically configured ip's in the same subnet. With binding you can manually resolve potential conflicts. All adapters dynamically configured never even show up in the dhcp management console.The second part involved placing a filter in routing and remote access. Using an input filter i drop all packets being sent from any ip in the 192.168.2 subnet which are directed to the 192.168.1 subnet. This way i can setup public servers on the 192.168.2 subnet which anyone in the world can access and anything on the 192.168.1 subnet is my personal intranet stuff. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now