jorsing
asked on
Two Linksys Routers - One way VLAN
I have an installation where I have 3 Lab workstations running just one application connected to the internet for updates thru a Linksys router. The customer would like his office desktop to share this internet access, but I do not want the office machine to have access to the 3 lab machines. I've disinfected the office machine before and want to make sure that the lab workstations are protected from contamination.
Considering the diagram below (both routers are Linksys 4 port):
Internet--Router1--Lab (192.168.1.0/24) Existing
|
Router2--Office (192.168.2.0/24) Proposed
a)Will this isolate the lab LAN from the office desktop, or does the internet connection have to start at Router2 ? Or must I have a 3rd router like holger12345's solution at:
https://www.experts-exchange.com/questions/21140560/Security-with-office-sharing-internet.html
b)Should I also disable some services on the office machine, like Computer Browser and TCP/IP NetBIOS Helper?
Thanks in advance
jorsing
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mtpcbypc ... 1 minute earlier ;-)
the solution is the one with the third router like you've already seen at my old thread ...
the solution is the one with the third router like you've already seen at my old thread ...
ARGH too slow drawing pictures. thanks
ASKER
Thanks to everyone for answering. I'm splitting points.
100 to pseudocyber for the best practices solution
200 to mtpcbypc for well laid out instructions
200 to holger12345 for the solution I referenced in my question and mtpcbypc laid out step by step
Accepted answer goes to mtpcbypc, because the next person seaching will get pointed to the most information.
BTW, Take a look at sveasoft open source firmware for the Linksys WRT54G, which does allow vlans by port, QoS and more.
http://www.sveasoft.com
100 to pseudocyber for the best practices solution
200 to mtpcbypc for well laid out instructions
200 to holger12345 for the solution I referenced in my question and mtpcbypc laid out step by step
Accepted answer goes to mtpcbypc, because the next person seaching will get pointed to the most information.
BTW, Take a look at sveasoft open source firmware for the Linksys WRT54G, which does allow vlans by port, QoS and more.
http://www.sveasoft.com
Thx for the points and that nice link ;-)
ASKER
But do I care if if the Lab network1 can see the Office network2? I think I'm more concerned with making sure the office network can't see the Lab, so that any parasite on the office network is contained and not "pushed" to the lab network by some trojan script.
Or do I need to be worried about the Lab network1 pulling a bug from office network2?