[gamefreak94]

What I want is something like this:

Actually I had it configured like this by one of my relatives who's mastered in networking, but 2 months ago I upgraded to Windows RTM so all the configuration was lost, plus the router config also went haywire a month or so ago and I sent it to my ISP; came back with default settings (only alteration I've made is set a strong admin, and wireless access password).

P.S. I also have a second PC (old P3) which I want to be included in this private LAN (it'll be connected via Ethernet cable as well).

So in short what I want to do is:

- Allow only the 3 MAC addresses which are my machines, to be able to access the router.
- Make the WiFi network hidden (of course, should still be accessible from my laptop).
- Allow file-sharing in Windows (Right-click on drive --> Allow sharing, is that it?)
- Arrange security precautions so that this private LAN is only accessible by the 3 machines which are mine.

So what am I supposed to do in the router setup to achieve this? Masta?

 

[Naix]

Dunno about the laptop.

I might be able to tell u about the two pcs. Connect one pc to the router with the ethernet cable and other pc to the router via usb. That makes internetz available to both the pcs. If i'm right your both pcs can now interact with eachother. To Share files yes, just right click -> allow sharing. The shared files should be now in network folder of windows or if you want to use shared drives just go to cmd -> net use drive: \ipaddress of the pc. Of course sharing drives isn't recommended.

 

[gamefreak94]

Router doesn't have a USB slot :O I'm sure if I just allow sharing I'll be able to transfer files to and from the PCs, but before doing that I want to make suitable security arrangements (which is why I made this thread).

 

[Naix]

when your not interacting with the other pc go to serivces.msc and turn the tcp/ip netbios helper service off. That should prevent others from using your shared device. I don't think there is a way to allow only 3 MAC addresses correct me if i'm wrong.

 

[masta.g.86]

- Allow only the 3 MAC addresses which are my machines, to be able to access the router.

Well, there's really no point in enabling this for the computers that are physically connected. (There shouldn't be an option for them anyway.) It's pretty easy and straightforward to do. I'll assume you already know how to access your router...

View attachment 206710

Click on the 'Wireless Client List' button and you'll see all of your wireless clients. (So long as they are turned on and have access to the router.) Just put a checkmark in the associated box and click 'Add' to add the device's MAC address to the address list. Then be sure to enable the filter and ALLOW access of the device(s) in the list and save your changes.

If your model doesn't have an auto-add feature, you'll have to manually look up the MAC addresses for you devices and add them in to the MAC address table manually. <- A pain in the ass.

- Allow file-sharing in Windows (Right-click on drive --> Allow sharing, is that it?)

I won't lie. This part can be seriously painful depending on how your computers are configured.

View attachment 206712

In Windows 7 (Vista?), go to Control Panel > Folder Properties. You'll be able to find this option. Turn it on. In XP, look for 'Use Simple File Sharing' in the same location.

Using simple file sharing is by far the easiest way of doing things. "Advanced" file sharing is painful to the inexperienced and has a lot of points to go over, so I'm simply not going to cover them. (Google and Windows Help are better suited for this anyway.)

View attachment 206713

Now, go to the Network and Sharing Center (Vista/7). Click 'Advanced Sharing Settings' (left pane). Turn on 'File and Printer Sharing'.

View attachment 206716

For XP (and older), go to the network device's networking properties and make sure 'File and Printer Sharing' is installed and turned on.

View attachment 206714

Now bring up your system properties and go to the 'Computer Name' page. Click 'Change' and set every computer on your prospective network to the same workgroup ID.

Now you just need to share some folders and the various computers on the network.

- Make the WiFi network hidden (of course, should still be accessible from my laptop).

View attachment 206715

This is accessible by right-clicking your access point and selecting 'Properties'. I can't remember where a similar page is in XP. Just turn on 'Connect even if not broadcasting... blah blah blah...'.

View attachment 206711

Then turn off the SSID Broadcast on your router.

NOTE: Some devices must have the SSID in order to connect. If you have to turn it back on, it's no big deal. You already only allow specific MAC addresses to connect wirelessly and hopefully have a strong (and AES encrypted) password set on the router as well, right?

- Arrange security precautions so that this private LAN is only accessible by the 3 machines which are mine.

If you've performed the above, you're good to go. The weakest link is the router itself as you can generally get internet and network access by plugging an RJ-45 cable in, but at the same time, that doesn't matter. If you see a networking cable plugged in to your router that leads out the window, you're probably being h4x0rd... by Naix.

Oh yeah, be sure to have a password set to actually access your router. You may also want to turn off the ability to log in to the router via wireless:

View attachment 206717

 

[gamefreak94]

o_0 Quite the comprehensive guide you've come up with there. Thanks a lot!

Just one little issue I'm having: When allowing access to my laptop from the MAC filter, I entered the laptop's MAC address to the permit list via the Wireless Client Table, but when I went ahead to save the settings, I got an error saying "Invalid MAC address format" :???:

Edit: I'm starting to suspect borked firmware:

The field label for the addresses also remains "Prevent" even if I check the Permit box above.

 

[masta.g.86]

You may have to do one thing at a time. That is to say:

Enable -> Save

*Enter MAC Address* -> Save

Permit -> Save

I had to do this on an older router that for some reason wouldn't save when multiple changes were made.

The other thing it could be is that while filling in your laptop's MAC Address, it's removing the colons. Be sure the MAC Address is 12 characters and looks like this: 00:19:1D:E4:7C:C0 <- Hexadecimal grouped in pairs, separated by colons.

 

[gamefreak94]

Not working Returns the same error even if I do it step-by-step.

Bah! Who cares anyway! SSID broadcast is off, so unless someone's HELL BENT on breaking into my system and manages to guess the network name, security type, and the 14 character alpha-numeric AES encrypted password key adn the homegroup password, I'm safe lol

 

[gamefreak94]

Yay! It's done. Made a homegroup (with password) and added my laptop to it, public folders are fully sharable. Now to add more folders/drives to it.

One last hurdle: ESET Personal Firewall :/ No biggie, just need to allow file sharing, the thing is, when I click on "Change the protection mode of your computer on this network", I'm asked which subnet I want to apply the changes on:

(will reveal the erased numbers if necessary xD).

I'm guessing one of the subnets is my local trusted network, and the other is the larger LAN (i.e. other subscribers to my ISP). Don't wanna allow sharing on the wrong subnet or I'm screwed for sure. How can I identify which is which? Went into the "details" of the trusted network, and it just said "255.255.255.0" and that's stated on both subnet in the screenie posted above. Checked the "status" of my router from the router setup, and it says "255.255.254.0" :???:

 

[masta.g.86]

Whichever IP address your router is assigned to is the one you want to select... I think. :/

WTF is ESET?

EDIT: Actually wait. Is one of those IP addresses your laptop's?

 

[gamefreak94]

Nope. It's different from anything in the network details :/

P.S. ESET = company that makes Nod32, I'm using ESET Smart Security (on both the PC, and the laptop).

I think I'm just going to use simple trial and error, allow one, see if it works, if yes --> good, if not, quickly change to the other.

Edit: It's cool, the first one was the right subnet. File sharing now working with firewall on.

Thanks again masta! Couldn't have done it without your guidance!