Wired & Wireless connection on same box - Possible?

Postby CyberRodent_X » Wed Apr 25, 2007 4:15 pm

Ok... here's the situation.

We have desktops running XP pro with wired connection to company domain.
We have a wireless router connected to a DSL line for guest connectivity.

We have a couple of contract employees who need to / have been configured to log in to the corporate domain ... but also need to hit Gmail and MSN Messenger - both blocked by Websense on the corp. LAN

Net Security won't unblock the sites, but has said they have no problem with them using the DSL for Gmail / MSN.

So we in the Service Desk have been tasked with finding a way that, either through internal wireless or USB wireless, we can get these guys to be able to access the wired network and get their internet connection from the wifi, without them having to unplug / disconnect-reconnect / etc.

Any help would be greatly appreciated.

Thanks in advance.

CyberRodent_X / NetForce-TX

Postby Thorn » Wed Apr 25, 2007 4:40 pm

It can be done by merely enabling both the wired and the wireless interfaces. However, if the users don't unplug/disconnect to switch, then you MUST make sure you don't -and the users can't- bridge the network connections, because otherwise you've got a back door from the outside direct into the corporate domain.

Also, figuring out the default routes can get pretty screwy if you don't know how the automatic metrics work. This will help:
Windows XP and Windows Server 2003 Behavior When Connected to Both Wired and Wireless Networks: http://www.microsoft.com/technet/community/columns/cableguy/cg0405.mspx
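The default-route behaviour raised in the post above can be checked from `route print` output. The following is an added example, not part of any post in this thread: it flags a dual-homed host and shows which interface a given destination leaves through. The sample table, addresses, metrics and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of the "Active Routes" rows from `route print` on a
# dual-homed Windows desktop (addresses and metrics are made up).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.1.1       10.1.1.50      20
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      30
         10.1.1.0    255.255.255.0        10.1.1.50       10.1.1.50      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101      30
Default Gateway:          10.1.1.1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # headers, separators, "Default Gateway:" line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def egress(routes, dest):
    """Choose a route: most specific prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def audit(routes):
    """Flag a dual-homed host: default routes through more than one interface."""
    defaults = sorted((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[3])
    return {
        "dual_homed": len({r[2] for r in defaults}) > 1,
        "preferred_gateway": defaults[0][1] if defaults else None,
        "metric_tie": len(defaults) > 1 and defaults[0][3] == defaults[1][3],
    }

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_PRINT)
    print(audit(routes))
    for dest in ("10.1.1.20", "192.168.1.1", "203.0.113.10"):
        print(dest, "->", egress(routes, dest)[2])
```

With the constructed table, a public address such as 203.0.113.10 leaves through the wired interface because that default route has the lower metric; routing is decided per destination, not per application.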

Postby CyberRodent_X » Wed Apr 25, 2007 5:32 pm

Thanks Thorn, that's what I was thinking ... that they would just enable both.
It's the routing that has me at a loss... and I'm afraid I understood nothing about the automatic metrics at the link you provided.

I don't suppose there is an easy way -- to tell say Firefox, and the IM messenger to just go out WiFi Connection 1 vs LAN Connection 1??

Hmm... maybe a small / portable proxy server running on the machine?
Setup to route out the wifi - and then point the browser and IM to the proxy?
Not sure ... and if it's possible, any recommendation on software?

Thanks again

CyberRodent_X / NetForce-TX

Postby itsnotme » Wed Apr 25, 2007 5:37 pm

CyberRodent_X wrote: Thanks Thorn, that's what I was thinking ... that they would just enable both.
It's the routing that has me at a loss... and I'm afraid I understood nothing about the automatic metrics at the link you provided.

I don't suppose there is an easy way -- to tell say Firefox, and the IM messenger to just go out WiFi Connection 1 vs LAN Connection 1??

Hmm... maybe a small / portable proxy server running on the machine?
Setup to route out the wifi - and then point the browser and IM to the proxy?
Not sure ... and if it's possible, any recommendation on software?

Thanks again

CyberRodent_X / NetForce-TX


Ask the Net Security department, that's what they're there for.

Postby Thorn » Wed Apr 25, 2007 6:08 pm

CyberRodent_X wrote: I don't suppose there is an easy way -- to tell say Firefox, and the IM messenger to just go out WiFi Connection 1 vs LAN Connection 1??

I don't think that's possible.


CyberRodent_X wrote: Hmm... maybe a small / portable proxy server running on the machine?
Setup to route out the wifi - and then point the browser and IM to the proxy?
Not sure ... and if it's possible, any recommendation on software?

That may be possible, but I don't know. It may also be that IF a given port is blocked on one route, it MIGHT go to the other route, but I don't know.

Here's another MS article on Automatic Metrics that may help answer your question.

All-in-all, I'd think it would be easier and better to have a separate WLAN for the contract employees, have a VLAN for that wireless, and allow only that VLAN to have access to MSN and Gmail. Assuming that you can do that kind of setup with Websense.

Postby Dutch » Wed Apr 25, 2007 7:04 pm

Cypher, just some CYA advice here:
Be sure to get the IT admins and the net security guys involved.
Allowing people to be on a wireless connection to the internet, while at the same time being connected to the corporate LAN, is a major security risk, and IMNSHO an accident waiting to happen.
Bridging between the two NICs is as easy as right-clicking and selecting on Windows, and whammo: you got a way in to the corporate LAN from the outside.

I know of several companies where it is an automatic pink slip and a rent-a-cop escort off the premises if people have done that, and at other companies, wifi NICs have been disabled in laptops for the same reason.

Let them know the possible implications, and let them decide whether they want such a hole opened up, or prefer to enable another way of accessing MSN and GMAIL.

Dutch

Postby wrzwaldo » Wed Apr 25, 2007 7:25 pm


Postby beakmyn » Thu Apr 26, 2007 4:25 am

Have you tried changing the binding order under the advanced menu item?

Open "Network Connections" from control panel and there should be Advanced > Advanced Settings.

Try playing around with the binding order and file/sharing on/off for lan/wlan

Then again you have now dual homed the machine and have bypassed the firewall, opening a whole new can of worms.