Using two routers for security without double NAT


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL
reply to apara0
Re: Using two routers for security without double

With this setup the wireless users can’t see anything on the wired LAN. The wireless users will only be accessible if the route add is done on the wireless PC.
--
Jim Anderson

apara0

join:2005-07-03
La Crescenta, CA

Jim,

So if on the wireless PC a route add is done, will wired users be able to see the wireless users and vice versa?

Is there a way to make it so that wired users always see wireless users but wireless users cannot see wired users?

I really want to isolate my wireless users from my wired lan. In case there is a break into the wireless network, I don't want them to be able to break into my wired lan.

Thanks.
-AP_


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL

The route add tells the wireless PC to use the alternate gateway to reply to a request from the wired PC. The wireless PCs are still blocked from initiating a request to the wired segment by the firewall in R2. In my case I forwarded port 515 to the IP address of my print server on the wired segment to allow wireless PCs to print to it.
--
Jim Anderson

apara0

join:2005-07-03
La Crescenta, CA

With the NAT disabled in R2, 192.168.8.0 addresses reach R1 and then use R1's NAT to go out to the internet?

So there is still a firewall even with NAT disabled? I always thought that NAT was the firewall in most routers. I guess the SPI firewall is separate from NAT and still does not allow arbitrary traffic INTO the router?

Thanks.
-AP_


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL

Yes, R1 must do NAT for both subnets (not all routers will do this, the ones I mentioned will). On the Zyxel routers you can enable/disable NAT and the SPI firewall separately. You may be able to do this with some of the Linksys routers.
--
Jim Anderson

seezar
Premium
join:2001-07-01
Rochester, NY
·ViaTalk


edit:
July 8th, @12:43PM

You could always get a Soekris box (net4801) for about $275, www.soekris.com/, which has a WAN port and 2 LAN ports, and then run M0n0wall on it, m0n0.ch/wall/. I have my wired LAN on one LAN interface and my wireless on the other. Then configure each interface for 2 different subnets and a firewall rule on the wired LAN to block all traffic from the wireless LAN. That way the wireless network is behind NAT but can't get to my wired LAN, but I can access the wireless network via the wired.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI

It's not clear to me how this avoids double NAT. It seems like both routers are on separate subnets!?


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL

When you disable NAT on R2 (the Zyxel) it acts as a pure router. When a PC on the R2 LAN accesses the Internet its real 192.168.8.x address is passed to R1 by R2. R1 then replaces the 192.168.8.x with its WAN IP address (which is why R1 must be able to do NAT for more than one subnet).
--
Jim Anderson
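
The behaviour discussed in this thread can be modelled in a few lines. This is an added example, not code from any poster or router vendor: it simulates R2's stateful firewall (NAT off) and the wireless PC's route lookup. Only 192.168.8.0/24 comes from the thread; the R1 LAN subnet, the router and print server addresses, and all function and class names are assumptions for illustration.

```python
import ipaddress

# 192.168.8.0/24 is from the thread; every other address below is assumed.
WIRED = ipaddress.ip_network("192.168.8.0/24")    # wired LAN behind R2 (NAT off)
R1_LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed: R1 LAN with wireless PCs
R1_GW, R2_WAN = "192.168.1.1", "192.168.1.2"      # assumed router addresses on R1 LAN
PRINT_SERVER = "192.168.8.50"                     # constructed print server address


def next_hop(dst, static_routes):
    """Gateway a wireless PC picks: most specific static route, else R1."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, gw) for net, gw in static_routes if addr in net]
    return max(matches)[1] if matches else R1_GW


class R2Firewall:
    """Stateful filter on R2: wired-initiated flows pass, inbound needs a rule."""

    def __init__(self, forwards=()):
        self.forwards = set(forwards)   # (dst_ip, dst_port) explicitly opened
        self.flows = set()              # flows opened from the wired side

    def passes(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) in WIRED:        # outbound from wired LAN
            self.flows.add((src, sport, dst, dport))
            return True
        if (dst, dport, src, sport) in self.flows:    # reply to a tracked flow
            return True
        return (dst, dport) in self.forwards          # unsolicited inbound


def wireless_to_wired(fw, routes, src, sport, dst, dport):
    """True if a packet from a wireless PC reaches the wired host."""
    if next_hop(dst, routes) != R2_WAN:
        # Without the route add the packet goes to R1, which the thread
        # describes as not working; the model treats it as undelivered.
        return False
    return fw.passes(src, sport, dst, dport)
```

The model shows why the setup is one-way: the route add only gets replies back to R2, while anything a wireless PC initiates still has to match an explicit rule such as the port 515 forward.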