Public and Priviate network from same cable modem - more questions please

A couple of weeks ago I asked about having both a privite network and a public wireless network that would work from one cable modem. The requirement is that the private network not be seen or be "hackable" by users on the public network.
Duane gave us the approach to use and we think we have it right, but because the security of our private net is so important, we want to make sure. We will not do the public network if the security of our private network is in danger.
Here is how things look:
Cable modem --> Router 1 WAN port
Router 1 regular ports --> Private Network -and- Router 2 WAN port
Router 2 regular port --> AirPort Extreme WAN port
We have our public network set up as WPA Personal and we broadcast the network name. The password for this network will be shared wiith users as they enter our public area where they can use their PCs. The default login/password on both routers and the AirPort Extreme have been changed. Connecting via AirPort to the public network I can see Router 2 but not Router 1 or any of my computers, printers, etc. when I browse the network via the Finder.
Do I have it right?
Does this setup give users on the public network any way to get to my private network, computers, and files? Are there any tests/experiments that I could run to further validate this setup?
How secure is it?
Am I asking for problems by offering a public network that shares some of the resources of the private network - modem, MAC address, IP addresses of routers, etc.
From the public net we have attempted to use the IP addresses of the computers on the private network without success.
The best answer I could receive is that there is no way to hack the private from the public. If this is not the answer, how secue am I.
Tim

When you state "Router 1 regular ports(8) feeding Private Network..." do you mean that there is another private router or are the private clients directly connected to router 1?
If you have a private router, the public devices connected to the AirPort Extreme base station (AEBS) could address and reach anything on Router 1 including the private router's WAN side.
The firewall in private router should block any of the public access to clients of private router. So any traffic from private router should be safe as long as the public has no physical access to router 1 nor router 2's WAN port.
If the private clients are directly connected to router 1, then the public clients can directly access any of your private clients. The traffic among private clients and from private clients to Internet would be secure (as long as my previous note about physical access is true).

Similar Messages

  • How to create 2nd Wifi Network from one cable modem

    Hello, I am trying to create a 2nd wireless network from one cable modem.  Currently I am using an Airport Express connected to the cable modem.  I also have an unused Airport Express that I would like to use for the 2nd network.  The Motorola modem has only one network cable port in the back.  I am currently using Time Warner as my service provider.  Can someone tell me if a network switch would suffice or would I need a new router, and how would I set them up?  Thanks.

    Unfortunately you will not be able to create two separate Wi-Fi networks with the current models of the AIrPort Express that you have. You would need at least one 2nd generation Express and one 1st generation Express to do so.
    The 2nd generation Express would be connected directly, using Ethernet, to the Internet modem, and the 1st generation Express would be connected, via Ethernet to the 2nd gen. In this configuration each Express could be configured to provide a separate Wi-Fi network with each using a different security type.

  • Why am I getting 2 IP addresses from the cable modem?

    I recently renewed my IP address for my cable modem (by booting into Windows and doing the ipconfig thing). It did this successfully and assigned me a new static IP.
    However back in OS X I am now getting two IP addresses depending on whether I connect by ethernet or Airport. When I connect my MacBook straight to the cable modem by ethernet it gives me the new IP address. However when I connect the Airport Extreme Base Station to the cable modem and do all the relevant restarting, it insists I still have the old IP address. This can't be right. Is it an errant preference hanging about in the Base Station? I have tried restoring it to default and setting up from scratch but it persists.
    I know the difference between public and distributed addresses... the two I'm talking about are the public kind (e.g. 82.114.223.43 etc)

    What do you mean by "old" and "new" IP addresses? What TYPE of IP addresses are you talking about? Specific numbers for example?
    In general, the typical cable modem set up should work as follows: your ISP will assign an IP address to your cable modem. This IP address can be permanently fixed (static) or occasionally change (dynamic) - whether you get a static or dynamic IP address depends on your ISP. This IP address is considered your "public" IP address.
    What you plug in directly after the cable modem will take on this IP address, since the cable modem merely passes on the IP address info (and serves no routing functions). So, if you plug in your MacBook directly to the modem, your MacBook will take on the IP address that your cable modem passes through, as assigned by your ISP; only your MacBook will have internet access.
    On the other hand, if you plug in to the modem a router, such as Airport Extreme Base Station, the router will be assigned the "public" IP address received from the cable modem on its WAN (wide area network) side, i.e. the "side" that interfaces with the public Internet. When your router is set up to SHARE this one public IP address with multiple computers/clients, it has to create a private sub-network, otherwise known as the LAN (local area network). Whether you plug computers in via ethernet to the router, or connect wirelessly to the router (or even both!), your router will create IP addresses for each of its LAN clients so that it can identify everyone. As long as the client has a different hardware MAC address, the router will assign it an unique IP address. (That's why you had 2 IP addresses for your MacBook - one for the ethernet connection, and the other for the Airport connection - each network interface having a different MAC address, and thus receiving a different IP address from the router.)
    Your router will always maintain its WAN IP address, as long as your ISP gives you that IP address (via your cable modem). However your MacBook, Windows and other clients may be assigned different LAN IP addresses depending on how you configured your router's DHCP server settings. The LAN clients in the context of your subnet would NOT be assigned the router's public WAN IP address when the router is set up to share that connection.
    If you understand the whole WAN v. LAN IP addressing thing, but you're not getting the results you expect, try powering off EVERY single piece of equipment on your network. Wait several minutes so that everything is cleared from the equipments' memory. Then power on and wait until the equipment is in ready state, in this sequence: 1-cable modem..., 2-main router (AEBS)..., 3-remote bases/bridges (if any)..., 4-computers and other client devices.

  • Mixing public and private networks on the same switch

    Hello Everyone,
    I know this may get some security engineers in frenzy but wanted to know if there is a safe way to mix public and private networks on the same switch. 
    We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network.  Each office has a 3750 with plenty of open ports.  How can I safely create a vlan for public access on these switches which currently have our internal network on.  I have read that people are doing this to save on the cost of purchasing a dedicated switch.  Some people are using access lists and one person mentioned creating a private vlan for the public network.  I looked up private vlan and it seemed bit confusing.
    Is this recommended?  If not what would be the safest way to do this?
    Thanks Everyone

    Disclaimer
    The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
    Liability Disclaimer
    In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
    Posting
    How "safe" is relative.  If your running just one VLAN on a switch, that's would be the safest (basically the same as mixing traffic on the same wire - separation is done else where).
    If you multiple VLANs on a switch, then you need to determine how likely someone might figure out a way to breach the VLAN barriers.  (This isn't so easy on newer switches.)  If the VLAN isolation is breeched, then you need to examine what does that imply from a security perspective (for example can someone now inject or receive other VLAN traffic).
    For most purposes, I don't see mixing public and private VLANs, alone, on the same switch as much of a risk.  More of a concern is what can be reached on either VLAN and how well it's protected.

  • Trying to hook up my time capsule.  Plugged in the eithnet from the extreme over to the time capsule--then plugged in the time capsule--still in amber blinking light--went back to extreme and works fine--reset the cable modem in between but that did not f

    Hoping someone can help with setting up my new time capsule.  I am just switching from my extreme to the time capsule.  I can not get the time capsule to go anywhere but to amber blinkiing.  I can go back to the extreme and interenet works fine.
    Here is what I did:
    plugged in the ethernet cable from the cable modem
    plugged in the time capsule power
    Just cycles to amber blinking -- no internet connection
    Tried pulling up the airport utility but it just shows my old extreme configuration and says that it is not supported anymore.  Do not see how to display info on the flashing light.
    I have gone back to the extreme three times and it seems to work fine.
    I also repowered the modem in between trying to get the time capsule to work

    Is this a cable modem? It has to be off for at least 20min and sometimes much longer before it will give up the old settings. You might even need to power down the cable modem overnight.
    Tell us exactly what broadband you have with what ISP and exact model of modem..
    The new TC cannot be setup without using the latest airport utility 6.3.1 or 6.3.2 and you need Lion - Mavericks to use it.
    The computer also needs to have ipv6 setup to local link on whatever you are connecting with, wireless or ethernet.

  • Older Airport express won't see the signal from the cable modem.

    Older Airport express won't see the signal from the cable modem.
    My macbook sees the AP express and I can stream music to it but no internet. If I plug the ethernet cable directly into the macbook I can see the internet

    Anytime you change networking hardware, it is always a good idea to perform a complete power recycle of your networking components.
    I would recommend that you do the following as a minimum:
    Power-down the modem, AirPort base station, and computer(s).
    Disconnect the AirPort base station from the Internet broadband modem.
    While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
    After the base station resets, go ahead and power it back down.
    Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
    Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
    Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has intialized. That is because, there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
    Power-up your computer(s).
    In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.

  • HT4259 How can I extend a wireless network from a 2Wire modem by usingan Airport Express? Years ago I could do this just by plugging in the (old) Airport Express. TIA Travelmonger

         How can I extend a wirelss network from a 2Wire modem using an Airport Express? Some years ago using the old Express I was able to do so simply by plugging on the Express witha minimum of tweaking. Still the same?
    TIA
    Travelmonger

    Still the same?
    Unfortunately, no.
    Apple's newer "Extend a wireless network" feature was designed to only work with other Apple products, so it would be extremely unlikely that it would work with a 2-Wire device if you plan to extend using wireless only.
    If you plan to connect the AirPort Express to the 2-Wire device using a wired Ethernet connection, the Express can be configured to provide more wireless coverage that way.

  • I cannot retrieve the password for the wifi connection on my imac and so cannot access the internet with my ipad at home.  I have a cable modem. Help please!

    I cannot retrieve the password for the wifi connection on my imac and so cannot access the internet with my ipad at home.  I have a cable modem. Help please!

    If you mean that you cannot remember the password for your WiFi network this will work for you - or it should work if you are the administrator on the Mac.
    You will need to be logged in as the administrator on your Mac and you must know the password - Open Keychain Access on your Mac in the utilities folder, click on Passwords. Find the Airport Network Password listed on the right. Double click on it. Click on show password in the the window that pops up. Enter your administrator password when prompted and click allow.
    If Keychain is locked - you must enter the administrator password there as well to unlock it and access the password.
    If you have set the Mac up for Internet Sharing for the iPad to share the Mac's connection, just create a new network On the Mac with Internet sharing and a new password.

  • How can you create a playlist with music and music video and play those from same playlist through Apple TV?

    How can you create a playlist on Ipod touch with music and music video,  and play those from same playlist through Apple TV?  I can download, create a playlist with both music and music video, stream that through the Apple TV with no problem.  The sound and the information show up on the TV, but when it gets to a music video, it only shows the information and "artwork".
    I also have a video playlist - videos play fine through the Apple TV, but will not shuffle through all videos - continues to repeat the same one.  I have most definitely selected shuffle in both locations - from the playlist and on the ipod video screen while video is playing.

    I finally got it... had to sync the photos with the music in iMovie, arrange the voiceover in GarageBand then export to iTunes, and then I was able to put it all together in iMovie and burn in iDVD... had a few glitches along the way but finally finished : )
    Message was edited by: jpewald

  • In Pages 09 we can do Mail Merge and Import Styles from a document. Can someone please explain how we can do this with the new version of Pages 5.1. Even Apple solutions are only valid for Pages Version 09. What a DOWN GRADE!

    In Pages 09 we can do Mail Merge and Import Styles from a document. Can someone please explain how we can do this with the new version of Pages 5.1. Even Apple solutions are only valid for Pages Version 09. What a DOWN GRADE! Thank god Pages 09 is still there.

    …and the other 98 missing features.
    Just use Pages '09, which should be in your Applications/iWork folder.
    Rate/review Pages 5 in the App Store.
    Peter

  • HT1349 WHEN I TURN MY IPHONE 3S ON IT ASKS ME TO CONNECT TO ITUNES AND RESTORE. I HAVE DONE THIS 10 TIMES AND STILL GET THE SAME SCREEN. CAN ANYONE PLEASE HELP??

    WHEN I TURN MY IPHONE 3S ON IT ASKS ME TO CONNECT TO ITUNES AND RESTORE. I HAVE DONE THIS 10 TIMES AND STILL GET THE SAME SCREEN. CAN ANYONE PLEASE HELP??

    Has your phone been jailbroken?  If so, you will likely never get it to work again.
    You can try placing your phone in DFU mode (search google) and restoring.

  • Hi I live in Iran and I forgot the answer to the security question please help me thanks

    Hi I live in Iran and I forgot the answer to the security question please help me thanks

    How to reset your Apple ID security questions.
    Go to appleid.apple.com, click on the blue button that says 'Manage Your Apple ID'.
    Log in with your Apple ID and password. (If you have forgotten your Apple ID password, go to iforgot.apple.com first to reset your password with a password recovery email)
    Go to the Password & Security section on the left side, and click on the link underneath the security questions that says 'Forgot your answers? Send reset security info email to [email]'.
    This will generate an automated e-mail that will allow you to reset your security questions.
    If that doesn't work, or  there is no rescue email link available, then click on 'Temporary Support PIN' that is in the bottom left side, and generate a 4-digit PIN for the Apple Account Security Advisor you will be contacting later.
    Next, go to https://getsupport.apple.com
    (If you see a message that says 'There are no products registered to this Apple ID, simply click on 'See all products and services')
    Choose 'More Products & Services', then 'Apple ID'.
    A new page will open.
    Choose 'Other Apple ID Topics', then 'Forgotten Apple ID Security Questions'.
    Click the blue 'Continue' button.
    Select the contact option that suits your needs best.

  • Two networks - same cable modem

    I have two networks in my home - an "n only" using the Airport Extreme Base Station into which the cable modem is attached, and a "g only" which is using the newly purchased Airport Express and which is connected to the Airport Extreme Base Station. The express is setup as a bridge only (I believe the Extreme is assigning the IP addresses). All seems to work.
    Two Q's:
    1. Can I use the Express in the fashion I mention above but connected wirelessly to the extreme? If so, how do I configure each unit?
    2. I have an Apple TV and was wondering if changing things so that the Express assigns the IP addresses if things might speed up a little regarding Apple TV syncs.
    Thanks!!

    morahgreg, Welcome to the discussion area!
    1. Can I use the Express in the fashion I mention above but connected wirelessly to the extreme? If so, how do I configure each unit?
    If you are willing to lose the high speed of the 802.11n only network, you can configure the AirPort Extreme base station (AEBS) to operate in an 802.11b/g compatible mode. Then any 802.11b/g client can join including the AirPort Express (AX).
    2. I have an Apple TV and was wondering if changing things so that the Express assigns the IP addresses if things might speed up a little regarding Apple TV syncs.
    No it will not.

  • 10.5.6 setup on mini with USB nic, not receiving DHCP from WAN (cable modem

    Hello,
    I'm probably in a little over my head thinking I could configure MacOS X Server without much IT knowledge. But I started, so I'm not giving up yet.
    Here's my setup:
    — cable modem ethernet connects to USB nic (the apple macbook air one) plugged into mac mini running 10.5.6 Server
    — ethernet on mac mini connects to switch
    — switch connects to airport base station set-up as bridge
    — in the future other computers will connect over ethernet to the switch (that's why mac mini isn't plugged into base station directly)
    Here's the issue:
    — cable modem uses DHCP (no fixed IP).
    — when first installing 10.5.6 Server, modem was connected directly to ethernet on mac mini, and picked up everything from DHCP, worked fine. Ran all the system updates (started with a 10.5 initial install)
    — after everything was installed, I switched the modem to the USB ethernet adapter and ran NAT setup assistant. configured the USB Ethernet as the WAN, Ethernet as the LAN, turned on VPN.
    — now the USB Ethernet won't pick up the DHCP of the WAN anymore. It did it once, and then never again.
    — I've run the NAT setup assistant to switch the WAN and LAN nics to see if the USB Ethernet was the issue, but with the same results.
    — This setup used to work although not quite stable on 10.5.4 server.
    My initial questions:
    — is the firewall blocking the DHCP?
    — is the LAN DHCP messing with the WAN?
    — in the previous version I had to set the replythresholdseconds from 10 to 0 in the bootpd.plist for it to hand out DHCP on the LAN, but there is no such entry in the pootpd.plist anylonger, and the keynet_address entry that was missing from the previous version of bootpd.plist is now present, so it seems the bootpd.plist has been fixed by apple.
    — what am I doing wrong? Why doesn't this just work as advertised...
    I know there are several of you out there that have the same setup working (I found posts from hirstey and DigiAngel with the same setup) so it must be possible. All your help is much appreciated!!
    Thanks,
    Hagenaer
    Thanks!
    Message was edited by: Hagenaer

    Thanks for your reply, DigiAngel.
    DSL modems differ from cable modems as far as I understand. Where DSL modems are actually routers capable of NAT/DHCP, cable modems are just a network interface/brigde and can't do any of that. So it should pass the external IP to the computer. I'm writing on a laptop with the cable modem directly plugged into it, and it picked up the external IP etc. near instantly. The mac mini did the same before I ran the NAT setup assistant. I believe it picked it up once after that, but never since.
    I had done a clean install, had the ethernet plugged into its internal ethernet port (en0) and was able to download all the system updates. Then plugged in the USB ethernet, I'm pretty sure it still picked up the IP there. Ran the NAT setup assistant and can't get anything to work anymore. Even with all services switched off.
    So the modem is doing its job, but when I connect it to the USB nic the connection gets a self-assigned IP in about 3 seconds after seeing the cable is connected. The one time I've seen it get the right IP, it got a self-assigned IP first and then about 5 seconds later picked up on the correct IP. (And it picked up everything, including DNS server and search domains, which this laptop I'm writing on does not, although it works just the same).
    Unfortunately, this laptop runs 10.4.11 which doesn't recognize the USB nic, so I can't test the adapter outside of the server environment. But I've had the genius bar test the adapter previously and it worked fine then, plus I've run the NAT setup assistant with the connections inverted (WAN over built-in ethernet, LAN over USB ethernet) with the same results: WAN gets self-assigned IP.
    I've also tried configuring manual IP for the WAN from what I saw was given to this laptop (it kept the same IP even after being disconnected/reconnected, so I guess the IP for my modem won't change IP unless I reset it. Although I'm not sure if it's correct logic to assume the mac mini would pick up the same IP as well since I think that's actually tied to the MAC address and the IP doesn't belong to the modem but to the computer behind it).
    Anyway, I'm not sure what to try next...
    Hm. Wait, this might have something to do with it: the firewall logs the following:
    Mar 22 14:12:07 server ipfw[4997]: 65534 Deny UDP 73.227.220.1:67 255.255.255.255:68 in via en 2
    Looking up 73.227.220.1 gives me dns1.inflow.pa.bo.comcast.net, clearly my provider's DNS server. Trying to get me an IP that my wirewall is denying? Turning off the firewall doesn't make it pick up the correct IP though... I have turned off all services and still just got a self-assigned IP.

  • No internet from grandecom cable modem

    I have a Wrt54gs wireless router, Ubee DOCSIS 2.0 cable modem U10C018. My isp is grandecom.net.
    I have cloned my pc's mac address and can connect to grandecoms systems with my router. (ie the wan interface obtains a 24.155.x.x address)
    I can't connect my internal pc's to the internet.
    I use a class c internal network  192.168.1.x
    my linksys internal ip address is 192.168.1.1
    the ubee can be ping internally at 192.168.100.1
    what should my routers  gateway be set to?
    I have tried 192.168.100.1 and many others. including 24.155.x.x variations
    Any help appreciated.
    Message Edited by BigA1 on 03-01-2010 08:17 PM
    Message Edited by BigA1 on 03-01-2010 08:17 PM
    Solved!
    Go to Solution.

    If the WRTs gets a public IP address 24.155.*.* from your ISP then the router configuration is correct. Check the Status page in the web interface.
    Do those computers use DHCP?
    It's probably best if you open a command prompt window on your computer and enter "ipconfig /all". Copy the full output into your response. That should show your current IP configuration on the computer.
    The gateway IP address in your LAN 192.168.1.* is 192.168.1.1.
    Message Edited by gv on 03-02-2010 09:54 PM

Maybe you are looking for

  • The requested action is not supported for this object. [message 131-171]

    Hi, One user is having the below error message appear when she attempts to print remittances. This has only started happening since yesterday and all other documents are still printing. "The requested action is not supported for this object. [message

  • No mail in gmail inbox on iphone

    My inbox in gmail on iphone is always empty. Messages from inbox that I delete on computer will show up on iphone in deleted box and sent messages show, but not inbox. Why? and How to fix?

  • Which instruction book/tutorial will help more?

    Hey everyone, I'm getting a little fed up with the manuals that come with the Logic Pro software and have been looking around for some good books and tutorials to help get me on a better path with this complex program. So far, I have narrowed down my

  • How do i install ilustrator in my allinone pc? (touch)

    I have an HP computer, it´s an all in one (touch) pc. Seems like adobe recognize my pc like a tablet or a cellphone because when i try to download the program apears a message saying that ilustrator is a desk application and has to be download in a p

  • Whats fatal error

    Hi Experts, I received an alret as error mentioned "Error Occured during Message processing. Please check Message ID  in the transaction SXMB_MONI in XPP300". Its fatal error. whats exactly fatal error?.. and how i can recover from this? Please do ne