Network Neighborhood proxy?

[Demon-Xanth]

We're looking to have anetwork in my department electrically isolated from the rest of the company. The reason being that there will be development systems that need to be accessible by us and not under control of MIS. However there is one person who needs access that is too far away to just run a cable w/o raising a stink with MIS and facilities. They are on the normal company wide network and can see our non-development systems.

Is there a program that will let a computer map a drive on the development systems, and allow that to be mapped by another computer? (basically jump through a workstation) The OS's on the potential proxy systems is WinNT and 2000.

Edit: a dedicated NAT won't work (have to go through MIS's hoops), and we want ONLY the standard windows filesharing to be passed, not neccessarily the rest of the internet.

 

[jmitchell]

Unless you are using wireless technologies, there is no way to have an electrically/physically isolated network, if you must include the machine that is part of the non-development network. Other than that part, I dont quite understand the nature of your question. Maybe you could re-word it?

j

 

[Demon-Xanth]

Basically it's like this:
One computer is across the building with one NIC hooked upto the company LAN

A couple computers with one NIC each are hooked upto the department LAN

A bunch of computers have two NICs, one hooked upto the company LAN and one hooked upto the department LAN




I want the one computer w/ only company LAN access to be able to see the computers w/ only department LAN access.


Attempted ASCII art:
D==development computers
W==workstations (that can act as a gateway)
S==computer off in the middle of nowhere

D\........./W-\
....[hub]-W--[company LAN]--S
D/........ \W-/

Edit: the "." are just spacers

 

[RemyCanad]

Just try it and find out. I think it will work if you set it up right.
Could you not put this development computer on both lans? The security will be the same....

 

[Demon-Xanth]

Technically, all on the same LAN would be no problem. Politically it'd cause big problems. The heads of MIS are net nazis and they basically consider any system on the LAN thier systems. Which doesn't work well for development of new systems. (example of overzelous admins: email sigs must conatin 7 particular lines of info and be in Arial 10 (black font, blue if via the web), backgrounds must be company backgrounds...)


...we tried sharing a shared drive, that doesn't fly. And setting it up right is the problem: how?

 

[Saltin]

When you say " see" do you mean TCP/IP "see" or do you mean "network neighbourhood" see?

 

[Demon-Xanth]

Network neighborhood see, all we need to be able to do is move files.

 

[RemyCanad]

Why not set up a small FTP server on the development computer. Then go to the machine that need to have access and mount that server into the network neighborhood folder?

 

[Woodie]

Set up a "router" workstation, w/ NICs on Corporate and Development Lans. Set up a VPN server, listening on the corporate nic, and routing all traffic to the Dev lan.

Now, install the VPN client on the remote user, then he can connect via the VPN connection to the "router" workstation, and it'll look as if he's right on your development network.

 

[Saltin]

Well, if it's just Network Neighbourhood "see" you need, then the soltuion may be a bit easier.
Look into the master browser service, which is the service that reports domains and computers to Network Neighbourhood. It can be manipulated to show only certain domains/computers. It requires a bit of fancy WINS and LMHOSTS work, but it can be done.

 

[Woodchuck2000]

If your switches support it, you can set up a thing called a VLAN which allows you to isolate a group of PCs based on their MAC address and stop others seeing the PCs...

 

[RemyCanad]

The problem with a VLAN is that it looks like even if they are uising switches he does not have access to them.

 

[Demon-Xanth]

<< The problem with a VLAN is that it looks like even if they are uising switches he does not have access to them. >>



Bingo.

So far the best solution appears to be to run an FTP server on the inbetween system with the development station's drive mapped. Politics suck :/