What is my trusted network? My IP changes?

I have a home multiple PC setup: a telecommunication cable goes from wall to a ADSL router. Cat5 cables go from the ADSL router to 3 PCs. One cable goes to a netgear router from which it goes to yet three PCs.

Internet is available to everyone and works great. File sharing does not work. What I would like is:

  • have internet available
  • share a printer
  • have files shared (a directory for that perhaps)

Unfortunately if I have internet I have to have a firewall and all the firewall prevent access to the other PCs around the house. To have sharing I have to yank the telecom cable and disable all firewall and reboot the ADSL and router and tehn after a few mnutes the computers see each other.

The problem is because I have to set up a “safe zone” for my LAN ie tell the firewall that traffic coming from computers on the LAN is ok (but not if it comes from internet). I’ll get back to that later?

When my telecom cable is off the wall and I have no internet cnnection IPCONFIG shows the PCs having an ip address 198.nn.nn.nn. When the telecom is connected to the ADSL router IPCONFIG shows ip’s 88.nn.nn.nn. My ISP issues a dynamic ip everyday or so. Now what do I put as a trusted zone? If I put 198.nn.nn.nn I won’t get any connection to the other computers if my internet is on. Putting 88.nn.nn.nn would not be a good idea!

as a general rule, ipconfig behind a router is a very bad tool and returns the local ip, not the wan ip.

also as a general rule, an adsl router has an external ip adress (it is dynamic, you are right), and a local ip.

For your lan to work, you need to get your local pc (and printer if it has an ip) out of dhcp and assign each of them a non-routable ip.

the non routable ip must only be in one of the following classes:
192.168.xxx.xxx, 10.xxx.xxx.xxx, or 172.xxx.xxx.xxx.
the most common choice is the first one: give each of your pc, ip printers a 192.168.xxx.xxx adresss, and give your router also a 192.168.xxx.xxx adress: this last one will be the gateway ip for the NIC of every pc, you might also need to enter the dns of your isp.

Once this is done, add a network zone, being clearly:
you need to create 3 networks rules, one for tcp/udp, one for icmp, one for ip, and allow everything as long as the destination ip is the trusted zone.

Now, go back to the application monitor. As far as windows 2000 is concerned, you need to allow everything for the destination ip being the trusted zone for: rsvp, svchost, and system.
you also have to allow services, udp out, port 53 for the dns of your fai and explorer, everything, destination ports 135 to 139 (of course still only for the trusted zone!!!).

I don’t see the role of the netgear router: a simple switch is enough; if you don’t have it, it is better to disable the adsl capacities of this router and just use it as a switch, the adsl router should do all the job.
Of course, the netgear router must also have a non routable ip and be “gatewayed” to the lan ip of the adsl router.

Now, it should work.

I don’t understand what you mean with:

For your lan to work, you need to get your local pc (and printer if it has an ip) out of dhcp and assign each of them a non-routable ip.

How do I get “out of dhcp”?

I went to Internet TCP/IP properties and advanced an it has “DHCP enabled” but there is no way to make it disabled.

I swapped my ADSL router to a different one and while it works I changed a few things:
When internet is on each computer shows IPCONFIG as 10.0.0.nn. When I go to a “whats-my-ip” site they report that my external ip is the familiar 88.nn.nn.nn. Both router work with internet well.

Hey John,

One thing that may be causing a bit of confusion about your IP address concerns your ADSL router.

Your router, in a nutshell, has two network cards in it - one inwards facing towards your LAN (this is the 10.X.X.X address) and out outwards facing towards the internet (this is the 88.XX.X address). The router itself receives data from the internal LAN on the 10.X.X.X address range and, if it is destined for the outside world, passes the request to the outwards facing network adaptor where it goes off to the internet.

This is why, if you run IPCONFIG /ALL from one of your LAN PCs, it will report the internal IP address, but if you tell an external website to check your IP, it is looking from the outside in and can only see your enternal IP (the 88.X.X.X one).

When setting up trusted networks with CFP V3, you need to focus on the 10.X.X.X address space

The external address (88.X.X.X) should be, relatively, transparent and immaterial to your day to day LAN or internet activity.

Ewen :slight_smile:

Depending upon the OS, tcp/ip properties in windows will ask you to automatically assign the ip, or to choose the one you want (speaking, of course, of lan ip).

If the OS has several modes of connexion, and even if it does not, not assigning the ip IS dhcp, letting the ip be randomly choosed, and most often resulting in some failure or another.

If you assign ip to the lan side of your adsl router, and why not to the switch function of your netgear serving as a switch, you must assign to each pc and network printer a fixed 10.0.0.n ip, where the mask should be and the gateway