Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Make a network segment read only?

  • 29-12-2012 01:04AM
    #1
    bluferbl
    Registered Users, Registered Users 2 Posts: 171 ✭✭


    Hello,

    Here's the scenario...

    Network 1 is trusted and contains a couple of PCs, a network printer and a Bufallo NAS. The NAS is used for backups and software storage.

    Network 2 has random PCs connected to it and they should be considered unsafe. Computers on network 2 need read only access to the NAS (or anything else) on network 1. Due to the way the NAS has to be configured, it's not possible to set access permissions to control read/write access to it - if only it could be that simple!

    Both networks need internet access through a single ADSL connection. Both networks are in the same room.

    Current network setup is the ADSL modem is in another room but is connected with power line plugs to the room which contains the two networks mentioned above. The power line plug connects to an unmanaged 24 port gigabit switch.

    I'm looking for a cheap way to achieve the goal of allowing the PCs on network 2 to read the NAS but not write to it and to have internet access. I don't really want to have a multihomed PC running running some sort of open source filtering software - if that's what you might be thinking ! :-)

    Any ideas?

    Thanks in advance.

    David


Comments

  • #2
    PogMoThoin
    Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Not really possible, network policies don't control read/write policies on individual devices. Is the NAS a windows device? If it is look into creating a domain with active directory. If it's a home network it's way too much trouble though.


  • #3
    gctest50
    Registered Users, Registered Users 2 Posts: 9,534 ✭✭✭gctest50


    bluferbl wrote: »
    Network 1 is trusted and contains a couple of PCs, a network printer and a Bufallo NAS. The NAS is used for backups and software storage.

    Network 2 has random PCs connected to it and they should be considered unsafe. Computers on network 2 need read only access to the NAS (or anything else) on network 1. Due to the way the NAS has to be configured, it's not possible to set access permissions to control read/write access to it - if only it could be that simple!

    May be an idea / or may break it properly..

    http://buffalo.nas-central.org/wiki/Custom_firmwares

    http://buffalo.nas-central.org/wiki/Main_Page


    might allow it to run a lightweight webserver like

    http://acme.com/software/thttpd/
    bluferbl wrote: »
    Computers on network 2 need read only access to the NAS

    The PCs in Network 2 can access files on the NAS through a webbrowser.

    Then you could put a little firewall between Network1 and Network2 since :
    bluferbl wrote: »
    Network 2 has random PCs connected to it and they should be considered unsafe.

    ***********************************

    Alternative/better idea - eliminates risk of bricking the NAS :

    Get a tiny pc , put it inside network 1 , get it to mount the files on the NAS and serve them up from a webpage

    Then just allow the random PCs on Network 2 to access the little webserver on Network 1 via the firewall


    Separating the two networks a little bit would be a good idea whichever way you decide on


  • #4
    bluferbl
    Registered Users, Registered Users 2 Posts: 171 ✭✭bluferbl


    Thanks for the replies. Back to the drawing board! I have a half baked solution in my head that I'll need to think through. Cheers!


  • #5
    skeg16
    Registered Users, Registered Users 2 Posts: 314 ✭✭skeg16


    would VLANs work...access to the nas would be the tricky bit


Advertisement