Private and Public Networks with DHCP, DNS, AD-DS

Similar Messages

• Is this type of set-up possible - private and public network with Airport

  We have an office network with Airport. We have internet with a cable modem with routers plugged to it. The network is not now shared with anyone outside the business.
  But would it be possible to add a public component to our setup that would give others access to the internet but never, never, never allow them to enter/see/ mess with the private side?
  Tim

  Sorry to intrude, I came across this thread while I was looking for some other information and thought that there needed to be a point of clearification to identify some major security vulnerabilities.
  With the current config, Cable Modem->Wan port of Router A->Router B plugged into LAN port on Router A
  1. Traffic from Router A would see all traffic sent from router B out to the internet, if I was able to sniff the traffic on router A then I would see everything that router B was passing to the internet...not good idea if Router A is public, (traffic would not be encrypted since this is a hard line pass to the cable modem).
  2. Router A will always be able to see the interface of router B (have to have it this way to perform the passing of IP traffic from one router to the other.) This means that router B will be open for brute force login attempts and any other vulnerabilities that the router might carry, again since this is being accessed from a publicly accessible network it would be hard to stop from happening in todays world.
  3. Router B subnet - If you NAT all the IP's behind router A on it's on subnet (which would include Router B). Uunless router B truly has two interfaces (internal and external) you would not be able to use different subnets and expect to pass traffic all the way to the cable modem because it would not know how to get there.
  Again, this post is not meant to cause annomosity, it is to help educate.
  I personally think that the safer bet is to get a second hi-speed connection, physical seperation in this case is the best way to go, saves you the worry of getting attacked or snooped on, and keeps your private information safe from the public...unless that is something that you are willing to risk sharing.

• Using an airport extreme in both bridged mode and guest network with DHCP

  I currently use a third-generation airport extreme in bridge mode to connect my various Mac servers To the Internet. I'm using bridge mode on the AirPort Extreme because I have up to five static IP address (only using three now) I am currently not using the wireless network, and none of the servers are serving DHCP. I am looking at the Newer airport extreme with guest network Wi-Fi. My question is, does the new airport extreme base station support bridge- mode for any devices and host DHCP for the guest network connecting wirelessly to the base station?

  The AirPort Extreme cannot be in Bridge Mode and support a Guest Network.
  The AirPort must be configured to provide DHCP and NAT services if you want to enable the Guest Network function.
  If you really do have a 3rd Gen AirPort Extreme, it will support the Guest Network feature if you connect the AirPort directly to a simple modem.....not a modem/router or gateway type of devices.......and configure the AirPort to provide DHCP and NAT services for the network.

• How to get the private and public key?

  there is my code,i want to get the public key and the private key �Cbut i could not find the the approprite method to solve the problem.
  import java.security.Key;
  import javax.crypto.Cipher;
  import java.security.KeyPairGenerator;
  import java.security.KeyPair;
  import java.security.Security;
  public class PublicExample {
  public static void main(String[] args) throws Exception {
  if (args.length != 1) {
  System.err.println("Usage:java PublicExample <text>");
  System.exit(1);
  byte[] plainText = args[0].getBytes("UTF8");
  System.out.println("\nStart generating RSA key");
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
  keyGen.initialize(512);
  KeyPair key = keyGen.generateKeyPair();
  System.out.println("Finish generating RSA key");
  Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
  Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
  //System.out.println("\n" + cipher.getProvider().getInfo());
  System.out.println("\nStart encryption");
  cipher.init(Cipher.ENCRYPT_MODE, key.getPublic());
  byte[] cipherText = cipher.doFinal(plainText);
  System.out.println("Finish encryption:");
  System.out.println(new String(cipherText, "UTF8"));
  System.out.println("\nStart decryption");
  cipher.init(Cipher.DECRYPT_MODE, key.getPrivate());
  /*i want to get the private and public key in this method ,but i found the result was not
  the one i expected to get,how to solve the problem?
  thanks in advance!
  System.out.println("private key:" + key.getPrivate().toString());
  System.out.println("public key:" + key.getPublic().toString());
  byte[] newPlainText = cipher.doFinal(cipherText);
  System.out.println("Finish decryption:");
  System.out.println(new String(newPlainText, "UTF8"));
  thanks in advance!

  System.out.println("private key:" +
  " + key.getPrivate().toString());
  System.out.println("public key:" +
  + key.getPublic().toString());
  key.getPrivate() returns an instance of PrivateKey and key.getPublic() returns an instance of PublicKey. Since PublicKey and PrivateKey are interfaces then they will return one of the concrete implementations. Check out the Javadoc for PublicKey and PrivateKey.
  When you know which concreate implemenation you have then you can use the methods on that object (by appropriate casting) to find the information you want.

• Brief HOWTO: subnet with DHCP, DNS and forwarding

  I finally took some time today to learn how to set up a DHCP server for ad-hoc direct wired connections and ended up with DNS and subnet forwarding too. I have posted a summary along with a launcher script here.
  I would be interested in feedback from users with more network configuration experience. Are there any glaring security holes or stupid mistakes in my setup? If not, I plan to add links to the relevant articles in the wiki as I would have liked more concrete examples when I was setting this up. I felt like I was just cobbling together bits and pieces from different sources and it took some trial and error to get forwarding working right with limited permissions.
  edit
  I already realize that I can tie it down further by specifying source ranges for incoming traffic from the wired subnet.
  Last edited by Xyne (2012-12-16 00:08:49)

  Hi,
  Could you type “route print“ on CMD, and post the result here?
  It would be helpful if you may describe the phenomenon of the problem? such as changes before the problem occurs, any prompt error message, related operations except for these logged Event ID.
  You may reference the link below for reference.
  Event Source Userenv and Event ID 1503:
  http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
  Event Source NTDS and Event ID 1126：
  http://support.microsoft.com/kb/305837
  DNS 6702：
  http://technet.microsoft.com/en-us/library/cc735806(v=WS.10).aspx
  Best Regards,
  Eve Wang
  Thanks Eve! I appreciate your attempt to help. I inadvertently posted my reply for the Route table without quoting you first. Sorry about that.
  As far as the problems go, time to logon to server > 5 minutes. Group Policy issues abound. DNS issues (as mentioned). Thought I had an easy one for you. Sorry about that.
  I have one client computer running Windows 7x64 (call it My Workstation) that I back the server and other client PC's up to. The clients have no problem, but after a day or two, the server can no longer "see" the My Workstation and the backup fails.
  But then when I reboot the My Workstation, the server "sees" it again!
  Furthermore, I backup a 10TB RAID 6 array on
  My Workstation to yet another client for redundancy (Call it WORKSTATION2-PC), but if I try to click on the computer icon in Windows Explorer for WORKSTATION2-PC, I get the error "Windows cannot access \\WORKSTATION2-PC. However if I type in
  the ip address or WORKSTATION2-PC, I have no problems.
  tmath2 in Houston

• Connection problems with idea pad and public network

  My Lenovo Idea Pad connects fine at home on our ATT internet connectoin, but will not connect to a local public network at a local departent store.  Anyone having suggestions email me at xxxxxxxxxxxxxx  Thank you!\
  Richard
  Moderator note; e-mail address removed to stop the spambots getting it

  I just saw your post and I resolved this on mine for my wired connection. I'm willing to bet that the issue is the same for wireless. Here's what I found.
  Issue:
  During the installation, iTunes installs some network components related to mobile device support over ethernet(Apple Mobile Device Ethernet Service - netaapl.inf). At the same time, according the logs, the install process removed OEM18.inf. This almost exactly coincided with the time that I saw the network connection die (preceded it by a few seconds).
  Basically, iTunes appears to be removing a required network component.
  Resolution:
  After installing iTunes and the network connection breaking, remove the network device from Device Manager and allow Windows to reinstall it automatically.
  The following instructions are for Windows 7, but they are close enough to follow for other versions of Windows.
  1. Click the Start button (Jewel in Vista and Win7).
  2. Right-click Computer and click Manage in the menu that appears (type your password or click Yes if prompted).
  3. On the left side of hte Computer Management window, click Device Manager.
  4. Click the arrow (or plus sign) next to Network Adapters to expand that section.
  5. Right-click your network adapter and click Uninstall in the menu that appears.
  6. Click OK.
  7. Reboot.
  Windows should automatically detect and reinstall your network device on boot.

• Update Policy for multiple networks with specific DNS servers

  I have a mid size network with 5 locations all with different IP addresses. All sites host their own DNS servers and connect directly through an ISP dedicated VLAN.
  Main Site
  10.1.1.1
  255.0.0.0
  Remote Site 1
  192.168.100.1
  255.255.255.0
  Remote Site 2
  192.168.101.1
  255.255.255.0
  Remote Site 3
  192.168.102.1
  255.255.255.0
  Remote Site 4
  192.168.103.1
  255.255.255.0
  All sites can be managed through the main site, but have their own DNS servers on location.
  My purpose is to point all computers and devices to a new DNS server from their previous static assignment. (XP and later versions)
  My question is can I use GP or DHCP* to push DNS server information to each device making them site specific without having to travel to those locations?
  Requirements:
  All devices on 10.1.1.1 will be changing from 10.1.1.2 to 10.1.1.4 (decom of old 2k3 server)
  DNS servers at each 192 location will need to point secondary server to 10.1.1.4
  Devices at main will need to use 10.1.1.4 as primary and 10.1.1.3 as secondary.
  Devices at each site will need to keep their respective DNS server.
  *If I use DHCP to change the information on a per scope level, can I use GP to force computers with locally set static assignments to update to DHCP static assignments
  Bonus: If anyone can give me an estimate on how much network traffic/bandwidth this would create that would be great because I would consider staggering the assignments as I am a 24 hour business.

  Hi,
  You may configure a Scheduled Task Item in Group Policy.
  To create a new Scheduled Task preference item, please follow the steps below,
  Open the Group Policy Management Console . Right-click the Group Policy object (GPO) that should contain the new preference item, and then click
  Edit .
  In the console tree under Computer Configuration or
  User Configuration , expand the Preferences folder, and then expand the
  Control Panel Settings folder.
  Right-click the Scheduled Tasks node, point to
  New , and select Scheduled Task .
  In the New Scheduled Task Properties dialog box, select an
  Action for Group Policy to perform. (For more information, see "Actions" in this topic.)
  On the Task tab, enter task settings for Group Policy to configure or remove. (For more information, see "Task settings" in this topic.)
  If creating, updating, or replacing a task:
  Click the Schedule tab, and configure one or more schedules for the task. (For more information, see "Schedule settings" in this topic.)
  Click the Settings tab, and enter any additional task settings for Group Policy to configure. (For more information, see "Other scheduled task settings" in this topic.)
  Click the Common tab, configure any options, and then type your comments in the
  Description box. (For more information, see
  Configure Common Options.)
  Click OK . The new preference item appears in the details pane.
  In the task, you may use netsh to set the DNS address.
  netsh interface ip set dns name="Local Area Connection" static yourdnssetting
  Here is an article about netsh command,
  http://technet.microsoft.com/en-us/library/cc738592(v=WS.10).aspx#BKMK_5
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Airport Express and wired network with static IPs

  I have a wired network with static IPs. I have a block of free IPs I can use to connect to this network. Manually setting any of one IP from this block on my MacBook Pro via ethernet works great - full network connectivity including internet.
  What I wish to do is add an Airport Express in between my MBP and the network, so that I may have greater freedom (wireless opposed to wired). Is the AX capable of this? If yes, what are the correct settings? Keep in mind there is no DHCP server on the network.
  I have tried giving the AX an IP manually and then accessing it from the MBP having the AX share IP (effectively becoming it's own DHCP server?). This gives internet connectivity, but I can't see any of the servers on the network. I assume because I'm now on a new subnet.
  So I then changed the AX settings to not distribute an IP and gave the MBP another IP from the block (different from the AX). This gives me the network, but no internet.
  What am I doing wrong?

  Okay, I made a mistake and forgot to set the DNS servers manually. It seems the second method works fine. I've set up WPA2 security as well - I'm assuming this is okay in this situation. What is the correct term for this setup? A wireless access point bridge? Is there anything more I should know about this setup? TIA

• VIP and Public Network on Extended Rac

  Hi Everybody
  I want to install Oracle Extended Rac on two Sites which is 25Km far and the spec is :
  Oracle 11.1.0.6
  HP PA-RISC server
  EVA Storage
  my problem is
  each of my sites has different subnet for public network so for VIP failover there is a problem.
  how can solve this problem.
  can we have two site with on subnet? how?
  I have this problem eith Interconnect too.
  thanks anyway
  Hashem

  hi
  mind oifcfg tool
  http://www.databasejournal.com/features/oracle/article.php/3651826/Oracle-RAC-Administration---Part-12-RAC-Essentials.htm
  and
  http://download.oracle.com/docs/cd/B28359_01/rac.111/b28255/oifcfg.htm

• Assosciation private and public

  I would like to have some responses from you guys. From OOAD point of view what are the considerations to be kept in mind before making an assosciation private or public.
  Any ideas would be welcome

  Containment associations will most often be private.
  Consider the following:
  Class Node is to be kept in a list which Class A manages.
  First example.
  Class Node is defined as a private inner class of Class A. Class A keeps a list of Nodes using a private instantiation of the ArrayList class. Node is private. The ArrayList is private. So when diagramming it the association is certainly private.
  Node is wholly owned and contained by A. If A is deleted then all Nodes are deleted.
  In this case one might make the point that because this is entirely private that it implementation rather than design. So it shouldn't be diagrammed at all. But sometimes it is necessary to do this to show how it will meet the needs of the system (or because a junior programmer is doing the coding and you want it to be painfully obvious.)
  Second example
  Class Node is a public class (not part of Class A.) Class A keeps a list of Nodes using a private instantiation of the ArrayList class. So when diagramming it the association is certainly private.
  Again in this case A owns all of the Nodes.
  Again the association could be consider an implementation detail (diagram is not necessary.) But because there are now external users, it might be more relevant to detail explicitly that a list of these is being kept.
  For the above two examples 'private' might also serve the need of the code generation capability of the two. Neither of the above associations should ever be implemented publicly.
  Third example
  A variation of the examples above is where the association is to be managed by one or more external systems. If there is one external system then it can own it. But if there is more than one, then the assocation must be public.
  In this case it is certainly possible (and likely) that A does not own the Nodes that it is associated with.
  Fourth example
  If the relationship between A to Node is many to many than the association is always external to A and Node. So unless it is explicitly owned by a single external system it must be public. Never make the mistake of trying to have either class try to own it.
  In this case A never owns the Nodes that it is assocated with.

• Can Airport Express extend the private and guest networks simultaneously?

  Can the Airport Express be used to extend the private and guest WiFi networks coming from the base station simultaneously, or can it only be an extension for one of the two at a given time?
  Joe

  Can the Airport Express be used to extend the private and guest WiFi networks coming from the base station simultaneously
  Yes, either by a wireless connection or Ethernet connection to the base station.....assuming that both the base station and extender are using firmware 7.6.3 or higher and AirPort Utility 6.3 is used to configure both AirPorts, which must be dual band models.

• Creating and Extended Network with 2 Airport Express Units

  I had an extended network using 2 express units but one of them broke. The old network was setup with an older version of Airport Utility and I can't seem to repeat the set up a new network with the new express unit I have bought.
  The simple setup procedure using Airport Utility 5.5.1 only appears to allow you to 'join' the remote Express unit to an existing network, there is no 'extend remotely' option.
  I remember doing it last time by creating a WDS network which agrees with instructions I have found here - http://broadcast.oreilly.com/2009/03/taming-an-airport-express-wds.html
  I set up the first Express as a base station with a network and select 'Participate in a WDS network' and 'Allow this network to be extended' under the wireless tab. Under the WDS tab I 'Allow wireless clients' and add the hardware address of the second express unit.
  I then update the express unit but I get a WDS error which states, "This Airport wireless device is set up as part of a WDS network but no other AirPort wireless devices were found."
  This seems to be a chicken and egg situation.
  Any help would be appreciated.
  Alan

  Alan, welcome to the discussions!
  It appears that you want to set up a WDS arrangment, correct?
  But, I can't figure out whether you want to configure it with a "base" and two "remotes", or whether you want to configure it with a "base", "relay" and "remote"
  Can you clarify? I'll send you a link with instructions from forum expert user Tesserax with step by step instructions. Just need to know what set of instructions to send.

• Log in to a Public Network with Safari

  I have tried to log in to a Hotel airport network with Safari and get the 'Site doesn't exist" page and it will not go further. I have a strong signal and the correct IP numbers. On a whim I switched to Firefox and Bingo there was the login page. I presently have both browsers open and they both work now that I'm logged in. Can anyone explain this behavior to me.

  Look at iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
  Done - it does not address my issue
  Also try this - Turn Off your iPad. Then turn Off the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Done and done; does not resolve the issue.
  To clarify: I am trying to log into an existing home WiFi network. Signal comes in to a  (DSL) modem/router ["ZyXEL P-600 series" 802.11 b/g}. This is administered via a Windows PC (running a Czech localized version) directly by Ethernet cabling.
  There are 2 password protected networks "on" this account.
  17" MacBook Pro sees both channels, and can log into either. (and auto-connected as a remembered Network from a previous visit, to one channel)
  15" Macbook Pro sees both channels, and can log into either.
  BOTH of our IPad 2's see both channels. Both of the iPad 2's present a password entry window when selecting either channel. I enter the exact same password that I entered into the laptop(s), for the appropriate channel.
  "Unable to connect to [channel name]" is the consistent response.
  Again, the iPads see the network options, and I have typed in the correct passwords using the US English and the Czech QWERTY keyboard options, and the iPads will NOT connect, whereas the laptops work perfectly with the same Network channel passwords.
  I would understand an alphanumeric password being a potential snag, given the different key mappings, but the main account is a simple 5 (five) digit numeric password.

• Extend both main and guest networks with a 2nd Time Capsule?

  I have a 4th generation 2TB Time Capsule set up to broadcast primary and guest networks.  I am running out of storage.  I would like to increase my storage and I would also like to extend both primary and guest networks.
  I currently use an older Linksys router (WRT330N) operating in bridge mode (wired connection to the TC) to extend the primary network, but it does not extend the guest network.
  If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
  From searching the forum, it appears not, but I'd like to confirm.  Is true for both both wireless and cabled range extension options?
  If I'm not able to extend the guest network this way, I'm inclined to settle for extending the primary network as I currently do and look for other ways to increase my network storage capacity (e.g. by upgrading the drive in my existing TC).

  If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
  Yes, either using wireless or an Ethernet connection between the two Time Capsules, providing that the 4th Gen Time Capsule is running at least firmware version 7.6.3.
  A wired Ethernet connection between the two Time Capsules is highly recommended. If you plan to extend using wireless, the second Time Capsule will need to be located where it can receive a very good signal from the first.

• Extending Time Capsule primary and guest networks with 2nd Time Capsule

  Hi
  I have two Time Capsules. The first is configured to run a primary and guest network. It is connected to an ADSL modem. All of this works fine.
  The second Time Capsule is cable connected to the first, in a 2nd location (a next door building).
  I want the 2nd Time Capsule to extend _both_ primary and secondary networks in its location.
  How do I configure the 2nd Time Capsule (and the first if there is anything I have to do there to get this to work).
  Please! and thanks...
  Graham

  Sorry, but the Guest network cannot be extended either through wireless or Ethernet.
  If you would like to see this feature in a future product, you might want to let Apple know
  Apple - Time Capsule - Feedback