Networking design problem

[bupkus]

I have a friend with a small business who uses 3 computers.

Two of them are networked but are for internal use only, i.e. they have no internet exposure.

PC #3 is for internet only and has a modem connection (satellite) thru the motherboards ethernet port.

Now he wants to be able to access the internal network with his internet PC (#3).

I figure I'll need to install a network card into #3, but there are concerns.

How do I keep the internal network safe? Do I use a firewall or what?

Another small complication:
The internal computers (1 & 2) are running Windows 2K Pro.

What to do, what to do...

 

[BriGy86]

Could you get a home router and reserve IP addresses for the 2 internal computers? then disable NAT for those computers? (not sure if home routers have that option. I'll check mine when I get home.) if possible I would think they would all be able to communicate but the 2 internal ones wouldn't be able to get past the WAN connection.

The option you suggested would work but the only problem is what if PC3 gets infected. then it can easily pass it on to the others.

*EDIT*

I suppose my option would still run the same risks as yours though. any reason he doesn't want them to have internet access? Get a good firewall and AV. Then quit using an admin account as your regular computer account...

Or maybe editing the LMHOSTS file is an option. redirect external traffic to 127.0.0.1 so they can't reach the internet.

 

[Pantlegz]

all you would have to do is setup a router for the internal network and just make sure the computer on the internet is not sharing it's internet connection. that with a simple AV and firewall on the computer connecting to the internet and you should be ok.

 

[bupkus]

I'm using a switch for the internal network with static IPs.

Just how do I prevent a sharing of #3's internet connection? Isn't it disabled by default?

BTW, although the 2 internal PCs are using Windows 2K and have no AV or firewall, #3 does and it is running XP Pro.
I need to check the Int Security SW on #3.

 

[Pantlegz]

yes internet connection sharing is disabled by default. And I think you would be ok to just plug #3 into the switch, with the 2nd NIC. Nothing outside the network will be able to get to the private network, unless you're NATing which is something else you would have to setup and most home routers don't support it or it's off by default.

 

[JackMDS]

PC with Internet gets a second Network card that goes to the switch with the other computers.

All three are on private IP that is on a different subnet than the one that connects to he Internet.

ICS Off, and you are set.

 

[kevnich2]

Originally posted by: JackMDS
PC with Internet gets a second Network card that goes to the switch with the other computers.

All three are on private IP that is on a different subnet than the one that connects to he Internet.

ICS Off, and you are set.

Yep, do what Jack said and just make sure you don't turn on ICS or bridge the two network connections on the PC with internet. Though as long as you have a decent router, you should be ok with all 3 PC's having internet, unless this company is like a DoD contractor with classified material which, I slightly doubt but hey, had to mention it.