Network config - communicate between test lab and production environment


We have a lab environment that is set up on a separate switch. The switch is not connected at all to the production environment. However, this is not very practical when we want to access files on the internet.

I wanted to know if it is possible to keep it separate so that the DC and the DNS, DHCP and WINS servers in this lab environment do not interfere with our production environment,
if I use a router like a Linksys 4-port wired router and set up port forwarding on separate subnets.

Example:
Production environment: subnet 192.168.0.x, connected via switches to a Cisco router and firewall and then to the internet.
Lab environment: subnet 192.168.2.x, connected via switches to a Linksys router, then to the production env switch, and then on to the Cisco router and firewall...

Is that even possible?

Yes - I don't think it's the best practice, but Microsoft says it can be done in a separate AD forest here:

Disregard the CRM info.
matanguay (Author) commented:
Yeah, I know I can have two separate forests and all, but the DHCP will interfere... If I use a router I can filter packets coming on the router so DHCP requests and other stuff don't get to my lab and mess up my production environment. But I don't know how to do it :(

A DHCP server can provide IP addresses to client computers on multiple remote subnets only if the router or switch that separates them can act as a BOOTP relay. DHCP traffic uses User Datagram Protocol (UDP) ports 67 and 68. Filtering those ports will prevent DHCP traffic (and BOOTP relays).
matanguay (Author) commented:
So if I simply plug the router into a switch port and create trusts for file sharing only and internet access, it should be OK?
Yes. Separate forests.
matanguay (Author) commented:
OK, but what ports do I have to open to allow file sharing and terminal services from the production env.?
TCP 445 for file sharing
TCP 3389 for terminal server(s) or remote desktop
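
The filtering this thread arrives at (DHCP on UDP 67/68 blocked at the lab router, TCP 445 and 3389 allowed from production into the lab), modelled as a first-match rule table and checked against sample flows. This is an added example, not part of the original thread and not Linksys configuration. The default deny, the lab-to-production block and the lab's outbound 80/443 rule are assumptions, and all flows are constructed.

```python
import ipaddress

PROD = ipaddress.ip_network("192.168.0.0/24")  # production subnet (from the thread)
LAB = ipaddress.ip_network("192.168.2.0/24")   # lab subnet (from the thread)
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, proto, source net, destination net, destination ports or None for any).
# Evaluated top to bottom, first match wins. Each flow is a new connection;
# replies are assumed to be handled by a stateful filter.
RULES = [
    ("deny",  "udp", ANY,  ANY,  {67, 68}),   # DHCP/BOOTP, including relayed unicast
    ("allow", "tcp", PROD, LAB,  {445}),      # file sharing (SMB)
    ("allow", "tcp", PROD, LAB,  {3389}),     # Terminal Services / Remote Desktop
    ("deny",  "tcp", LAB,  PROD, None),       # assumption: lab never opens TCP to production
    ("allow", "tcp", LAB,  ANY,  {80, 443}),  # assumption: lab internet access is web only
]

def decide(proto, src, dst, dport):
    """Return 'allow' or 'deny' for one flow crossing the lab router."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, src_net, dst_net, ports in RULES:
        port_ok = ports is None or dport in ports
        if proto == r_proto and s in src_net and d in dst_net and port_ok:
            return action
    return "deny"  # assumption: anything not listed is dropped

# Constructed sample flows: (proto, source, destination, destination port)
SAMPLE_FLOWS = [
    ("udp", "0.0.0.0", "255.255.255.255", 67),   # DHCP discover broadcast
    ("udp", "192.168.2.10", "192.168.0.5", 67),  # unicast DHCP towards production
    ("tcp", "192.168.0.20", "192.168.2.10", 445),
    ("tcp", "192.168.0.20", "192.168.2.10", 3389),
    ("tcp", "192.168.2.10", "192.168.0.5", 80),  # lab to production, caught before web rule
    ("tcp", "192.168.2.10", "203.0.113.7", 443), # lab to internet
    ("udp", "192.168.2.10", "192.168.0.5", 53),  # lab DNS query to production
]

def audit(flows=SAMPLE_FLOWS):
    """Pair every flow with the verdict the rule table gives it."""
    return [(flow, decide(*flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in audit():
        print(f"{verdict:5} {flow[0]} {flow[1]} -> {flow[2]}:{flow[3]}")
```

Swapping the last two rules would let lab hosts reach production web services on 80/443, which is why the lab-to-production deny sits above the outbound allow.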
matanguay (Author) commented:
One last detail.

On my router, I do not want to use port forwarding as it will only point to one computer; I need instead to use static routes (correct me if I'm wrong). Now I tried setting that up on a Linksys BEFSRU31 router and I could not get it to work properly. Please tell me if you know it... If you don't, I'll just use port forwarding and accept your answer, as it was my original question.
