
Creating subnets/VLAN on home network

I want to secure my home network in such a way that all of my computers are separate from the other computers in the house.  My initial idea for this was to place all the computers that I do not control into a subnet that is separate from mine and then create a static route so that I could connect to those computers, but they could not connect to mine.  I don't know if this is possible or if it makes sense, but it was my initial thought on the subject.

Here is what I have to work with:

1x Motorola Surfboard modem
1x WRT54G wireless router with DD-WRT firmware.
1x BEFSR41 wired router

-----

2x 8-port switches

Currently, the WRT54G is my gateway to the internet.  All of my computers are connected to an 8-port switch which is connected to port 1 on the WRT54G.  All of the computers I do not control are connected to an 8-port switch connected to port 2 on the WRT54G.  A friend of mine suggested that I connect all of my computers to the BEFSR41, use NAT and then connect the BEFSR41 to the WRT54G.  I don't like this solution because I currently use some of the advanced features of the WRT54G with DD-WRT to eliminate the need to use port forwarding and I don't want to use port forwarding on the BEFSR41.

Additionally, I want to be able to manage both routers from any machine on my switch, but I do not want any of the other computers that I don't control to be able to manage the routers.

Thank you.
0
HSolo327
Asked:
 
giltjr Commented:
Routes are uni-directional.  Meaning you have a route to somebody else and they have a route to you.

In order for you to connect to another computer in another IP subnet, it must have a route back to you.  Otherwise it has no idea how (which route) to send the packets back to you.  So your plan of a "one-way" static route won't work.

Your best bet for security is personal firewall on your computer so that you can control what traffic and from which IP address is allowed into and out of your computer.

You have computers in your house that you don't control?  Who controls them?

Both routers have passwords to manage them, don't they?  Set the passwords and don't tell anybody what they are.
0
 
bbao (IT Consultant) Commented:
umm... are you a landlord who is trying to separate your private network from those of your guests? :)
0
 
HSolo327 (Author) Commented:
no, but the concept is the same.  I live with four other people and I don't have administrative rights to their machines.  There is one guy specifically who tends to pick up various viruses, one of which was network aware and nearly took out my entire house.  This is why I want to section them all off from my equipment.  I can't take them off the network because they help pay for utilities.
0
 
bbao (IT Consultant) Commented:
basically, your friend's idea, to use NAT, was right. if you prefer to use WRT54G, that is OK. since both WRT54G and BEFSR41 support NAT, you can use either of them as the NAT gateway to the internet, which will be connected to the Surfboard modem. umm... are there any other people's machines using the WRT54G wirelessly with you?

so two approaches you may consider:

1. modem <- WRT54G <- BEFSR41 <-subnet B-> 8-port switch <-> other people's computers
               |                            (optional)
           subnet A
               |
   8-port switch (optional)
               |
        your computers


a. to access subnet A from subnet B should be disabled on BEFSR41 (your subnet A is an external network, same as the internet, of subnet B).
b. BEFSR41's remote admin function should be enabled because you need to manage it from your subnet A (subnet B's external network).
c. make sure that there is NO other people's computer allowed to access WRT54G wirelessly. securing the wireless network is recommended.

2. modem <- BEFSR41 <- WRT54G <-subnet A-> 8-port switch <-> your computers
               |                            (optional)
           subnet B
               |
   8-port switch (optional)
               |
   other people's computers

a. make sure that there is NO other people's computer allowed to access WRT54G wirelessly. securing the wireless network is recommended.

hope it helps,
bbao
0
 
HSolo327 (Author) Commented:
I had come up with that solution while working with it the other day.  I have the WRT54G at the top and the BEFSR41 below it.  I'm connecting the two routers using a crossover cable between two of the regular ports.  Should I use the WAN on the BEFSR41?  I didn't think so since they're still on the same network, just different subnets.  bbao, you will get the points for the question once I get it up and running.
0
 
bbao (IT Consultant) Commented:
> I'm connecting the two routers using a crossover cable between two of the regular ports.
> Should I use the WAN on the BEFSR41?

1. modem <- [WAN] WRT54G [LAN] <- [WAN] BEFSR41 [LAN] <-subnet B-> other people's computers
                  [LAN]
                    |
                 subnet A
                    |
              your computers

a, b, c: same as mentioned above
d. the WAN port of BEFSR41 should be assigned an internal IP of subnet A, as well as subnet A's default gateway.

> I didn't think so since they're still on the same network, just different subnets.

this will actually separate the network, not only in different subnets, but also in different physical network segments.
0
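The reachability difference between the two layouts bbao describes, as an added example that is not part of the original thread: a small Python model in which every router does NAT and drops unsolicited connections arriving on its WAN port. The `deny` rule set standing in for item a is a hypothetical representation, and port forwards, DMZ hosts and remote admin are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRouter:
    name: str
    wan: str  # network on the WAN port
    lan: str  # network behind the LAN ports

# The two layouts from the thread; "internet" stands for the modem side.
APPROACH_1 = [NatRouter("WRT54G", "internet", "A"), NatRouter("BEFSR41", "A", "B")]
APPROACH_2 = [NatRouter("BEFSR41", "internet", "B"), NatRouter("WRT54G", "B", "A")]

def upstream_path(routers, src, dst):
    """Routers crossed LAN->WAN on the way from src to dst, or None if dst is not upstream."""
    by_lan = {r.lan: r for r in routers}
    path, net = [], src
    while net != dst:
        router = by_lan.get(net)
        if router is None:
            return None
        path.append(router)
        net = router.wan
    return path

def can_initiate(routers, src, dst, deny=frozenset()):
    """True if a host in src can open a new connection to a host in dst.

    Assumed model: a NAT router forwards LAN->WAN and drops unsolicited
    WAN->LAN traffic. deny holds (router name, destination network) filter
    rules, a hypothetical stand-in for item a.
    """
    path = upstream_path(routers, src, dst)
    if path is None:
        return False
    return not any((r.name, dst) in deny for r in path)

def report(routers, deny=frozenset()):
    """Reachability between subnets A and B, plus B's internet access."""
    pairs = [("A", "B"), ("B", "A"), ("B", "internet")]
    return {f"{s}->{d}": can_initiate(routers, s, d, deny) for s, d in pairs}

if __name__ == "__main__":
    item_a = {("BEFSR41", "A")}
    print("approach 1, no filter:", report(APPROACH_1))
    print("approach 1, item a   :", report(APPROACH_1, item_a))
    print("approach 2           :", report(APPROACH_2))
```

In this model, approach 1 leaves subnet A reachable from subnet B until the item a filter is in place on the BEFSR41, while approach 2 shields subnet A through the WRT54G's NAT alone and still lets subnet A open connections into subnet B.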
