Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Make a network segment read only?

Options
  • 29-12-2012 2:04am
    #1
    bluferbl
    Registered Users Posts: 171 ✭✭


    Hello,

    Here's the scenario...

    Network 1 is trusted and contains a couple of PCs, a network printer and a Bufallo NAS. The NAS is used for backups and software storage.

    Network 2 has random PCs connected to it and they should be considered unsafe. Computers on network 2 need read only access to the NAS (or anything else) on network 1. Due to the way the NAS has to be configured, it's not possible to set access permissions to control read/write access to it - if only it could be that simple!

    Both networks need internet access through a single ADSL connection. Both networks are in the same room.

    Current network setup is the ADSL modem is in another room but is connected with power line plugs to the room which contains the two networks mentioned above. The power line plug connects to an unmanaged 24 port gigabit switch.

    I'm looking for a cheap way to achieve the goal of allowing the PCs on network 2 to read the NAS but not write to it and to have internet access. I don't really want to have a multihomed PC running running some sort of open source filtering software - if that's what you might be thinking ! :-)

    Any ideas?

    Thanks in advance.

    David


Comments

  • Options
    #2
    PogMoThoin
    Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Not really possible, network policies don't control read/write policies on individual devices. Is the NAS a windows device? If it is look into creating a domain with active directory. If it's a home network it's way too much trouble though.


  • Options
    #3
    gctest50
    Registered Users Posts: 9,605 ✭✭✭gctest50


    bluferbl wrote: »
    Network 1 is trusted and contains a couple of PCs, a network printer and a Bufallo NAS. The NAS is used for backups and software storage.

    Network 2 has random PCs connected to it and they should be considered unsafe. Computers on network 2 need read only access to the NAS (or anything else) on network 1. Due to the way the NAS has to be configured, it's not possible to set access permissions to control read/write access to it - if only it could be that simple!

    May be an idea / or may break it properly..

    http://buffalo.nas-central.org/wiki/Custom_firmwares

    http://buffalo.nas-central.org/wiki/Main_Page


    might allow it to run a lightweight webserver like

    http://acme.com/software/thttpd/
    bluferbl wrote: »
    Computers on network 2 need read only access to the NAS

    The PCs in Network 2 can access files on the NAS through a webbrowser.

    Then you could put a little firewall between Network1 and Network2 since :
    bluferbl wrote: »
    Network 2 has random PCs connected to it and they should be considered unsafe.

    ***********************************

    Alternative/better idea - eliminates risk of bricking the NAS :

    Get a tiny pc , put it inside network 1 , get it to mount the files on the NAS and serve them up from a webpage

    Then just allow the random PCs on Network 2 to access the little webserver on Network 1 via the firewall


    Separating the two networks a little bit would be a good idea whichever way you decide on


  • Options
    #4
    bluferbl
    Registered Users Posts: 171 ✭✭bluferbl


    Thanks for the replies. Back to the drawing board! I have a half baked solution in my head that I'll need to think through. Cheers!


  • Options
    #5
    skeg16
    Registered Users Posts: 314 ✭✭skeg16


    would VLANs work...access to the nas would be the tricky bit


Advertisement