

Moved! I now blog at http://www.saicharan.in

Wednesday, November 15, 2006

Network Access across a router

This document recaps the steps we took to enable access between the online and offline systems in the lab at my hostel:

1) First, set up a DNS server (with a domain name, say ssshcc.edu).
- Set up the forward and reverse lookup zones.
2) Set up the DNS machine to also act as the router between the two segments.
3) For each computer on the online and offline segments, change the primary DNS suffix of the computer to the DNS domain name (as specified in step 1).
- Right-click My Computer > Properties
- Computer Name
- Change
- More
- Type in the new Primary DNS Suffix
4) For each machine in the online and offline segments, make sure that the guest account is allowed network access.
- Start > Control Panel > Local Security Policy > Local Policy > User Rights Assignment > Deny Logon over Network
- Remove the users whom you wish to allow network access (if the name is in the list)
5) Make sure that the default gateways and the primary and secondary DNS servers are correctly entered in the network configuration.
6) In the lab, i.e., in the SSSHCC, the online systems do not allow guests to log in interactively, but we want the guest users from the offline segment to be able to access the online systems. For this, we enable the Guest user account on the online systems, but prevent its interactive login as follows:
- Start > Control Panel > Local Security Policy > Local Policy > User Rights Assignment > Deny Logon Locally
- Add the Guest user.
7) Here, you can choose the custom list and add the required IPs, or choose the Any computer option, as required.
8) One last setting: the Windows Firewall by default allows only computers on the same segment to access each other. This needs to be changed:

It works like this: port 445 (which Windows uses for file and printer sharing) by default accepts connections only from computers on the same subnet as itself. This behaviour can be changed as described in the document: https://docs.google.com/View?docid=ajgs46pc346b_9dxvvjc.
You can find Microsoft's description of the solution (KB840634) at http://support.microsoft.com/kb/840634
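
If you choose the custom list in step 7 rather than Any computer, it helps to check that the list admits both lab segments and nothing beyond them. The following is an added example, not part of the original post: the subnets and the scope string are constructed sample values, and it assumes custom list entries are comma-separated single addresses, address/prefix-length, address/dotted-mask, or the `LocalSubnet` keyword.

```python
import ipaddress

def parse_scope(scope, local_subnet=None):
    """Parse a comma-separated custom scope list into networks.

    Entries may be a single address, address/prefix-length or
    address/dotted-mask; 'LocalSubnet' needs the caller's own subnet."""
    nets = []
    for entry in (e.strip() for e in scope.split(",")):
        if not entry:
            continue
        if entry.lower() == "localsubnet":
            if local_subnet is None:
                raise ValueError("LocalSubnet used but local_subnet not given")
            entry = local_subnet
        # strict=False tolerates host bits, e.g. 192.168.20.7/24
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def audit_scope(scope, lab_segments, local_subnet=None):
    """Return (too_broad, uncovered).

    too_broad: scope entries that admit addresses outside every lab segment.
    uncovered: lab segments that no single scope entry fully admits."""
    labs = [ipaddress.ip_network(s) for s in lab_segments]
    allowed = parse_scope(scope, local_subnet)
    too_broad = [str(n) for n in allowed
                 if not any(n.subnet_of(lab) for lab in labs)]
    uncovered = [str(lab) for lab in labs
                 if not any(lab.subnet_of(n) for n in allowed)]
    return too_broad, uncovered

def is_admitted(client_ip, scope, local_subnet=None):
    """True if the firewall scope would accept a connection from client_ip."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in parse_scope(scope, local_subnet))

# Constructed sample values (not the lab's real addressing)
ONLINE = "192.168.10.0/24"
OFFLINE = "192.168.20.0/24"
SCOPE = "192.168.10.0/255.255.255.0,192.168.20.7/24,10.0.0.0/8"

if __name__ == "__main__":
    print(audit_scope(SCOPE, [ONLINE, OFFLINE]))
    print(is_admitted("192.168.20.45", SCOPE))
```

With the sample values, the audit reports the `10.0.0.0/8` entry as wider than the two lab segments, which is the kind of leftover entry that exposes port 445 to more machines than intended.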
