I have a PC running Windows 7 driving my plasma cutter table. At the moment it is 'stand alone' ie NOT on my local network as I don't want external interference from the likes of Microsoft poking up dates at it. However I DO want to communicate with it from other PCs on my local network.
As the Plasma PC uses Ethernet to talk to it's various drivers and torch height controller, it is set up currently as 192.168.10.154 so is on a different 'sub net' from the rest of my local network which is 192.168.1.XXX
The plasma PC has only one Ethernet card as do my other PC's.
Is it possible to run two subnets on one ethernet card so that the
192.168.10.XXX CANNOT access the outside world and the 192.168.1.XXX CAN ?
Or is there some other way that I can access this PC from my network without giving it access to the outside world?
W-e-e-e-e-e-e-e-e-e-llll. I have a firewall between the router and my internal network and I don't allow anything to talk to the Internet unless it's specifically allowed to, but you may not want the expense and complexity of this solution.
And adding a second ethernet card is an easy way to achieve it if windows persists in a one card, one address policy.
I found this online
"These are the steps to add the second IP address to your existing network adapter.
Use the Start menu to open Control Panel. On Windows XP, you may need to open Network and Internet Connections. Open Network (and Dial-up) Connections. Open your network adapter. Click Properties. Click Internet Protocol (TCP/IP) then click Properties. Click Advanced. On the IP Settings tab, click Add... Type in the new IP address then click Add. Click OK to close the Advanced TCP/IP settings window. Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close your network adapter properties window.
That should allow that PC to connect to the plotter.. or if you do that to the plotter, you will of course put it firmly in the domain of 'stuff that can access the internet', and you will need to firewall it out.
Yes, that you can do by:
1/. Adding a second network address in the 192.168.10.X network to your ROUTER
If the router is reasonably well designed (many aren't) that will automatically route any addresses in that network to the ethernet, and hence the cutter.
However that will *enable* that PC to 'see' the internet. To stop THAT
2/. Add a firewall rule disabling
192.168.10.* from accessing any other network than 192.168.1.0
HOWEVER once you have faffed around, actually the simplest way to do this is to move the plotter PC into the standard Internet domain - i.e change its IP address to 192.168.1.100 or similar, and disable its internet access.
There are different ways to achieve that: Firewalling is one. Many routers allow you do prohibit access to the internet fir some or all machines in the network. A
Another way mentioned by a poster, is to change the default route on the plotter PC. To something spurious. This will mean absolutely manually configuring the networking and not using DHCP, on that PC, so assuming you have changed its IP address to be 192.168.1.100 and your router is on say 192.168.0.1, you will need to make sure that the default route is set to something spurious like 192.168.0.254
On balance this may be the easiest route to take. Give that PC a manually set IP address and *spurious* default route (gateway) *on the
192.168.1.0 network*, and Robert should be a relative.
You can add multiple IP addresses to a network interface, and so could add your and address on your plasma PC's subnet to one of the other machines. That would then let the plasma PC see shared folders etc on the other PC, but it would not have access to the wider network. That would give you very controlled access to the LAN basically using another machine as a stepping stone.
On a simpler level you could manually set the IP address and netmask on the plasma PC to be on your main subnet, but don't set a default gateway. Then it would be able to access LAN resources freely, but not be able to route outside of the LAN.
What John say is correct, but if you letting it access other devices you open yourself up to viruses / malware, and without patches or antivirus updates your plasma cutter pc may stop working... be careful
Have just bought an Asus RT-AC68u router to replace my crap Virgin Super Hub, in this under parental controls you can time limit internet access via mac address but maintain network access which I do for my son, so if you extend the time limit for a full 24hrs your cutter will be (cut) of from the Internet
Shouldn't be a problem adding a second IP address to a windows Ethernet interface.
At well as knobling the gateway 'next hop' address, there are settings inside 'windows firewall' that could also be used to block all non-LAN internet traffic (but do ya trust Microsoft not to have a secret bypass to that?)
You may also want to disable the PC's IPv6 ability, if your router has any bright ideas on connecting with that.
Much depends on the workflow. They may be no reason or desire to allow updates on the plasma PC. Chances are he has a working solution and wants a fixed configuration, but at the same time an easy way of moving gcode files etc to the plasma controller.
If the only thing the network connection is being used for is shifting data files, by reading them from a shared drive, then there is little risk to that PC.
I have a client with a similar requirement for his Non Linear video editing platform. It has an ethernet connection to his office PC and that is multihomed, so that the NLE PC can only see the other machines shared drive, but has no direct internet or LAN access.
already said he does not want that in the original post, and without internal deployment servers there is no other way to have updates with out an internet connection
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.