** Rob Malpass <li...@getiton.myzen.co.uk> [2011-05-07 09:50]:
> Moving house shortly which means, for the first time, I have to have my
> father in law on my network.   Now while he's no hacker, he is fond of
> fiddling and has managed to crash his (Windows) machine so badly over the
> years that nothing short of a full reinstall has fixed it.   His fiddling
> ranges from downloading patches for stuff he's never thought of using, to
> coverdisks with offers of games if you include enough adware that "checks
> for updates" every time it starts up.   I'm sure you get the picture!
> 
> So he's now going to be part of my LAN.   Previously, we have had the luxury
> of two broadband connections: one cable, one ADSL and I had thought of
> putting him on a separate router and let that be that.   At the new place
> though, while there are two lines, it seems pointless to pay for another
> ADSL connection just to keep him isolated.
> 
> What I want is to keep him isolated so he can't even see any network
> devices, printers - just let him share the connection.   I'm thinking:
> 
> 1) He runs Kaspersky so presumably I could tweak this to allow him only
> access to IP addresses with outbound traffic outside my LAN's range.
> 
> 2) Set up some sort of rule on the router - not sure how to do this.
> 
> 3) IPCop is probably the most detailed solution - but again not sure.
> 
> Is there an obvious solution out there?   I don't want to buy netnanny or
> something like that for him - far too obvious and condescending but I am
> really worried.   I don't want to software firewall the rest of the family's
> machines so tightly that they become restricted.
** end quote [Rob Malpass]

I'm a little late to this thread, I've been fixing shelves and re-arranging my
office all weekend after some shelving decided to start pulling away from the
wall with all the computer books and software on them! That's beside the point
though.

On the basis that your ADSL connection is likely to have several Ethernet ports
built in I would suggest the simplest thing to do would be to connect the
machine into the ADSL router directly and use a fairly standard cable router to
connect the rest of the machines behind that. If you connect the 'internet'
side to the ADSL router you effectively put anything connected directly to the
ADSL router into a sort of DMZ (sort of since it is still firewalled as normal,
so not really a proper DMZ) with a separate IP address range that is firewalled
off from the rest of the network by the cable router. Cable routers are pretty
reasonably priced, or if you are lucky you may pick one up off Freecycle /
Freegle (I nabbed a D-Link wireless N unit a while back which has improved my
coverage!).

Of course if you're not happy using an off the shelf firewall router you're
probably not just relying on the ADSL router and have a PC configured you can
add an extra NIC to and adjust the routing rules - as already suggested I
think.

-- 
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ | 023 9238 0001
======================================================================
Registered in England  |  Company No: 4905028  |  Registered Office:
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants, PO7 6NU

--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
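
The extra-NIC alternative mentioned at the end of the reply above, as an added example that is not part of the original post or written by its author: a script that prints an `iptables-restore` ruleset letting an isolated segment reach the internet but not the family LAN. The interface names, subnets and the assumption that the Linux box serves DHCP and DNS to the isolated segment are all hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a three-NIC Linux router.
# Interface names and subnets are assumptions; the thread gives none.
# IPv4 only; forwarding must also be on (sysctl net.ipv4.ip_forward=1).
WAN_IF="${WAN_IF:-eth0}"                  # towards the ADSL router
LAN_IF="${LAN_IF:-eth1}"                  # family machines and printers
GUEST_IF="${GUEST_IF:-eth2}"              # the machine to be isolated
LAN_NET="${LAN_NET:-192.168.10.0/24}"
GUEST_NET="${GUEST_NET:-192.168.20.0/24}"

emit_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# Guest may talk to this box for DHCP and DNS only (assumes it serves both).
-A INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p tcp --dport 53 -j ACCEPT
# Replies to connections that were allowed out may come back.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Guest can never open a connection to the family LAN.
-A FORWARD -i $GUEST_IF -o $LAN_IF -j DROP
-A FORWARD -i $GUEST_IF -d $LAN_NET -j DROP
# Guest may share the internet connection.
-A FORWARD -i $GUEST_IF -s $GUEST_NET -o $WAN_IF -j ACCEPT
# Family LAN may go anywhere, including to the guest machine to fix it.
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

emit_rules
```

Read the printed rules first, then load them as root with `emit_rules | iptables-restore`; IPv6 needs an equivalent `ip6tables` policy.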