sharing internet through a pc to wrt54g

Discussion in 'Networking Issues' started by samrugger, Jan 13, 2006.

  1. samrugger

    samrugger Network Guru Member

    i'm at my whits end(short trip). trying to connect a pc to my cable modem and wrt54gv2 to that pc for internet. then connect a pc to the wrt54g wired and one wireless. all this and still get to internet from the two pcs behind the router. also be able to access net work shares on all pcs.

    i know what a pain in the @$$.

    any help appreciated
  2. dareino

    dareino Network Guru Member

    me no many pc's we talking here? Are you trying to use the Router as an access point?

    ---->wireless pc

  3. samrugger

    samrugger Network Guru Member

    sorry for the confusion, let try to entangle logic a little more.

    3 computers using the default MS XP home office network under the workgroup MSHOME. 1 wireless, 2 wired.

    one of these is between the modem and the linksys. the other two connect to net through the router using ICS on the machine between the modem and router.

    i can connect to the internet fine but all computers are not showing up on the MSHOME workgroup.

    I guess the pc in the middle might be called a honey pot, maybe?
  4. NateHoy

    NateHoy Network Guru Member

    First, a few brain droppings:

    I'd heavily caution against a "honeypot" arrangement like this where your honeypot has access to network shares on the rest of your LAN. The "honeypot" if it exists, should normally exist in complete isolation, and contain nothing of value nor have access to anything of value.

    Since you used the term "ICS", I'm going to presume you are using Windows XP or at least a recent Windows in your "honeypot" machine. Compared to the WRT54G, it is a walk in the park to break a Windows machine. If someone should compromise your Windows machine, and you have configured ICS to allow that machine to see the whole LAN, then someone now owns your LAN. Word to the wise: BAD idea.

    The WRT54G is a heavily hardened router, and would be a MUCH tougher nut to crack. I'd urge you to put that router "out front". That's what it was built for.


    What will happen is that you are creating two networks. Your main PC is doing NAT (Network Address Translation) for its ICS connection to the router, then the router is doing NAT again from the ICS connection to its LAN. Those two LANs are not going to be able to see each other very well.

    The easy fix is to put the WRT54G "in front" and put all the machines on its LAN. Forward ports for any specific services you may want on each machine as needed (this is rarely needed except for BitTorrent and sometimes VoIP or other "server" applications).

    If you truly want a "honeypot" server, then put it in the DMZ and all Internet connections will default to that machine. But I'd recommend just turning on the SPI firewall and hunkering down behind the WRT54G - they're a pretty tough nut to crack...

    Everything would be on one LAN, and you can do all the local connecting you want. And you can turn on and off your honeypot server by simply enabling or disabling DMZ.

    As to the ICS supporting a LAN, I don't know. You COULD try plugging the ICS machine into one of the LAN ports on the WRT54G, or disabling NAT/SPI/DHCP on the WRT54G, thereby disabling its routing capabilities and turning it into a dumb switch. But then:

    1. Your ICS machine has to handle DHCP for multiple IP addresses for clients, and I don't know if it can do that (or you have to use fixed IP addresses for all your clients, and again I don't know if ICS can handle multiple LAN clients).
    2. Your ONLY security is now your honeypot. If someone cracks that machine, you are screwed. Deeply and truly screwed.

    Hope this helps...
  5. samrugger

    samrugger Network Guru Member

    Thanks for the advice sounds convincing enough... I'll take.

    Really appreciate the comments and glad i joined this group.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice