Newbie... need basics

Hi... Before I ask any questions on any NG, could someone
give me some links to networking basics.  I'm computer literate
but I've never had to deal with networks so I'm pretty ignorant.

I need to understand an existing small network that needs
to expand.  It currently has a DSL line with a Netgear
8-port VPN Switch/Router/Firewall (VPN not used), a wireless
router, and a Print Server.  I need to expand the network in
another part of the building where the wireless signal is weak.
The expansion is to attach more computers and a printer.

The DSL is only used for internet/email access.  There are no
web services or other fancy needs.

I need to understand the basics of Routers, Switches, hubs,
Print Servers, hardware & software firewalls.  I hope I don't
need to understand all the different protocols.  My biggest
concern is to protect these new computers as they will have
sensitive data.  So I need to protect it from outside the
firewall as well as computers from within the network.

Any assistance/links would be appreciated


Re: Newbie... need basics


One way to protect a set of computers, not physical protection, but
network protection, would be to install a second router, in series with
the first router, and connect the "Sensitive" computers to that router.

The Sensitive computers could access everything connected to the first
router (existing PCs, print server, internet, etc...) but nothing in
front of the second router could access inside the second router's
network directly.

 |    |
 |   -  First Less secure computers/printers
 - Second group of computers

You should use a wired connection between your first router and your
second router, and not some wireless solution, this keeps performance

You also might want to set the WAN address of router 2 to a fixed in the
router 1 LAN network, but it's not 100% necessary.

You also need to know that with Ethernet, CAT5/6, you are limited to
100 meters between router 1 and router 2 to connect them (most people
use 90 meters so that there are no mistakes).

Anything behind the second router (second computers) can't be directly
reached by the First Router LAN (first group of computers), UNLESS you
poke holes (FORWARDING) from WAN to LAN in the second router.

To set up the printers for the second LAN, just create a standard TCP
printer port and point to the IP of the printer in the first LAN.

Also, you need to MAKE SURE that both networks (routers LAN) are
different subnets:

LAN1 =
LAN2 =

Hope this helps.

remove 999 in order to email me

Re: Newbie... need basics

Hi Leythos...  I didn't expect this much help (and much appreciated),
but since you replied see my followups below...

Leythos wrote:
Good to know.  I believe the amount I would need to pull is under
the max.  Probably 50 meters at most.


(Note that all the computers are Windows based)

I was wondering whether I needed a router or if a hub is sufficient.
The computers on the first router are laptops that I don't have much
control over and I'm concerned that viruses and other nasties might
invade the 2nd network systems.

Though I want to limit the accessibility from those computers to the
"2nd network" computers, there is some access I need to allow, such
as access to a database, read-only.  Would a 2nd router allow
access to a particular shared area?

Would a software firewall be advised on the 2nd network computers
if 2nd router is used?

If a hub is a feasible choice, to allow the database accessibility,
should a software firewall be used?

I don't understand subnets!  :-(  If they were the same does it
make the router look like a hub?

Yes!  Thank you!

Re: Newbie... need basics


A HUB would connect the two sets of computers without any blocking of
connections between them.

You specifically asked for a secure set of second computers, the NAT
function of the second router would block access from the first set to
the second set.

It depends, you didn't say what type of Database. If you mean a MSSQL
database, then you would have to PORT FORWARD TCP1433 to the second
level computer with the MS SQL Service running on it - then all
computers in LAN 1 could access TCP 1433 on the Target computer.

If you mean MS Access or some other file based pseudo database, then no,
you could do it, but then it's not really secure.

What type of database?


Well, I'll get flamed no matter how I answer this, but, with a router
you already have NAT from LAN1>LAN2, so that means the computers in LAN
1 can't access the computers in LAN2 unless you map ports inbound to

If you use a HUB, you could use a PFW solution, as long as you
understand how to configure it, to only allow certain (depending on the
PFW) access to the local computer, there are several complications with
this and without knowing what you want to allow access to (specific
database type/name) I can't say for sure.


Why not put the database on one of the computers in LAN1? Put it on a
dedicated computer, locked in a closet, in LAN1, then all users can
access it.

No, if they are on the same subnet it means that one LAN will have no
idea how to access the other.

A HUB expands your network with more jacks, a router (typical home user
type) isolates one network from the other in one direction, but should
NOT be the same network address range or there is confusion.


Need more info - what type of DB?

remove 999 in order to email me
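
An added example, not part of any post in this thread: a Python check of the router-behind-router layout discussed above (different subnets for the two LANs, router 2's WAN address taken from LAN1, and port forwards as the only way from LAN1 into LAN2). The function names and all addresses are constructed sample values, since the thread does not give the actual ranges.

```python
import ipaddress

def check_cascade(lan1, lan2, router2_wan, forwards=()):
    """Return a list of problems in a router-behind-router plan (empty = OK).

    forwards: (protocol, port, target_ip) tuples configured on router 2,
    i.e. the WAN-to-LAN holes that hosts on LAN1 will be able to reach.
    """
    net1 = ipaddress.ip_network(lan1)
    net2 = ipaddress.ip_network(lan2)
    wan2 = ipaddress.ip_address(router2_wan)
    problems = []

    # Identical or overlapping ranges put the same network on both sides
    # of router 2, so it cannot route between them.
    if net1.overlaps(net2):
        problems.append(f"LAN1 {net1} and LAN2 {net2} overlap")

    # Router 2's WAN port is just another host on LAN1.
    if wan2 not in net1:
        problems.append(f"router 2 WAN {wan2} is not inside LAN1 {net1}")
    elif wan2 in (net1.network_address, net1.broadcast_address):
        problems.append(f"router 2 WAN {wan2} is not a usable host address")

    # Every forward must point at a host that really sits behind router 2.
    for proto, port, target in forwards:
        if ipaddress.ip_address(target) not in net2:
            problems.append(f"{proto}/{port} forwards to {target}, outside LAN2")
    return problems

def exposure(router2_wan, forwards):
    """What LAN1 can reach on LAN2: only forwarded ports, seen at router 2's WAN address."""
    return sorted(f"{router2_wan}:{port}/{proto} -> {target}"
                  for proto, port, target in forwards)

# Constructed sample plan (addresses are assumptions, not from the thread).
PLAN = dict(lan1="192.168.1.0/24", lan2="192.168.2.0/24",
            router2_wan="192.168.1.2",
            forwards=[("tcp", 1433, "192.168.2.10")])

if __name__ == "__main__":
    print(check_cascade(**PLAN) or "plan OK")
    print(exposure(PLAN["router2_wan"], PLAN["forwards"]))
```

Each line returned by `exposure` is a service that every host on LAN1, including the unmanaged laptops, can connect to, so the list is worth reviewing whenever a forward is added.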

Re: Newbie... need basics

Leythos wrote:
OK... that's what I thought... probably not a good idea...

I was a little vague when I said that I wanted to "protect" the new
computers.  I want to protect these computers but not necessarily
isolate them.

Disregarding the database, I suppose I could put one computer on
router #1 as you mentioned below to allow sharing.

However, with the database (which is MS Access... sorry, legacy software),
I'm not sure how safe it would be to put it on a computer on router #1
(am I too paranoid?).  The only system with full access to the database
would be on router #2, so I'm not sure if it is "good practice" to
put the data on a router #1 system.

Sorry if this is confusing, as that is my state of mind...

It is MS Access... so what do you mean that it's not "really secure".
BTW, my plan after all this is to port it over to something like MySQL.

I think I'll look into this.  I'm just not sure how to keep it read-only.
I need to read up on MS Access security options.


Ahhh... isn't this like the Unix hosts file where it lists all the
systems?  doh!


Re: Newbie... need basics

Leythos wrote:

I forgot to ask...  So if I have these two routers can I eliminate
the need for the software firewall?

Re: Newbie... need basics

Bruce wrote:

I know my way around a computer: HW, Windows, SW,
but am new to networks. But I'm a small step ahead of you. So maybe can
advise a little

Routers, switches, hubs and some more: try the book Computer
Networking First-Step by Wendell Odom.

That taught me the basics. Not much on VPNs though.  I'm still stalled
on a basic level though, which you haven't reached yet.

But you're with that equipment so you could get past that level more

Re: Newbie... need basics

Thanks for the book reference.  I was hoping I could get
through the basics with some web references before I had to
get a book...

Re: Newbie... need basics

Bruce wrote:

Consider the other way around here.

Networking is so broad. Googling doesn't have the necessary
organisation that a book has.  Don't think that a book is harder than
web links - sometimes they are, sometimes they aren't. I found that Web
links can fill in some gaps.

That guy that wrote the pcguide wrote this-
(the free version is organised in an annoying way, he charges for the
pdf which is structured in a way that makes it easier to jump around).
That link is deep and broad.  I found it quite useful for the OSI
layers, and sometimes, filling in some blanks. Mostly I don't find it
so well written, but it's very comprehensive - deep and very broad.

I found some " delmar " links very useful, this I just rediscovered via

this was a nice little link

There are of course RFCs - amongst those that I've looked at are
791, 1122, 1123, 1812.
But maybe I'm more fanatical than you.
