• Status: Solved
  • Priority: Medium
  • Security: Public

How do I build two separate networks in my office?

I've got an old Netopia router from my ISP (SBC now AT&T) and I've got 5 static IPs from them. I want to set up two networks in my office: one for working on customers' computers and another network for my office LAN. I do not want packets to be able to travel between these networks; I want my office LAN to be totally unreachable from the other network.

What I need to know is simply where I need to place a router, firewall, or whatever to accomplish this isolation. I've got plenty of switches lying around so equipment is no problem. I'll buy whatever I need to buy regarding another router, firewall, or whatever I need to get in order to accomplish my goal. Make sense? Help please. Thanks.
Asked:
WineGeek
1 Solution
 
Scotty_cisco Commented:
Funny thing, but you can actually run different IP networks over the same wire through the same switch and everything... not the most favorable way of doing things, but it will work.

Thanks
Scott
 
Scotty_cisco Commented:
Easiest way to accomplish what you want is a simple firewall actually... or just put both networks into a different switch and never cross-connect the 2... I would look into a Linux-based firewall though, like IPCop or SmoothWall; both will do what you want.

Thanks
Scott
 
WineGeek (Author) Commented:
The Netopia router has a firewall in it and it is active, and it also has a 4-port switch on it. I've currently got a Linksys switch hanging off the Netopia's switch as my LAN. So do I need to hang another router/firewall off the Netopia's switch to form the other network? Also, how do I prevent access to this second network from the first network? Thanks.
Scotty_cisco Commented:
The only way to protect and still give both segments Internet access would be to be able to have a secondary IP address on the Netopia router, and I am not aware if they can do that or not. I have not had a lot of experience with Netopia devices. Can you provide a model number for the Netopia? I will look it up and see what it is capable of.

Thanks
Scott Bertsch
 
WineGeek (Author) Commented:
I'd actually rather you just tell me the theory behind how this is done (the applying a second IP address to a router) and I can handle finding out which device I will need to accomplish it. Thanks! :)
 
Scotty_cisco Commented:
(switch 1)--------------(router)
          |10.1.1.x
          |----------------------------------------------(switch2) 192.168.1.x

Then on the router Ethernet you have IP address 10.1.1.x and IP address 192.168.1.x secondary, and then you apply access lists to them.

Thanks
Scott
 
WineGeek (Author) Commented:
.... and in the access lists I simply say something like "do not allow any packets into this network from network 1." right?
 
Scotty_cisco Commented:
Pretty much... and vice versa; that way, in order to get there they must go through the gateway... not the preferred way but economical and somewhat safer than running both subnets down the same switch.

Thanks
Scott
 
WineGeek (Author) Commented:
Now you confused me. You said "in order to get there they have to go through the gateway." What has to go through the gateway and where is it going?
 
Scotty_cisco Commented:
Traffic;  if you want traffic to pass from one network to the other it would have to go through the gateway.
 
WineGeek (Author) Commented:
Oh, sorry, totally misunderstood you there. Thanks.
 
n8ptt Commented:
Hummm... this should work: get a 2nd cheap router. Have your 'test' network connected to it. Assuming the IP address of your router is 10.1.1.1, give the WAN port of the 2nd router 10.1.1.2 with a subnet of 255.255.255.252 so the 2nd router only 'sees' the 10.1.1.1 address (default gateway for the 2nd router). The 255.255.255.252 will lock it onto only having 2 IP numbers. You can get to the Internet, but your 'normal' network will in effect be unreachable due to the subnetting. If your router has an odd number, then your WAN port would be the number below it, i.e. 10.1.1.5 for your router, your WAN port would be 10.1.1.6.
IP note: this subnet is in blocks of 4, with the low number being the network address and the higher number being the broadcast address. So you would have to have your addresses end with 1-2, 5-6, 9-10, 13-14, 17-18, 21-22, 25-26, 29-30 and so on.
You will need to put the DNS numbers on your 2nd router for resolution to the Internet. Hope this helps.
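
The 255.255.255.252 arithmetic from the post above and the access-list idea from earlier in the thread, worked through in Python as an added example (not code from any poster). It assumes the office LAN is 10.1.1.0/24 and the test network is 192.168.1.0/24 behind the second router; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumed addressing (not stated in full on the page): office LAN 10.1.1.0/24,
# test network 192.168.1.0/24 behind the second router, gateway 10.1.1.1.
OFFICE = ipaddress.ip_network("10.1.1.0/24")
TEST = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def slash30_pairs(base=OFFICE, limit=8):
    """Last octets of the two usable hosts in each 255.255.255.252 block."""
    pairs = []
    for block in list(base.subnets(new_prefix=30))[:limit]:
        first, second = block.hosts()  # network and broadcast are excluded
        pairs.append((int(first) & 0xFF, int(second) & 0xFF))
    return pairs

# Second router's routing table: its /30 WAN link, its LAN, a default route.
ROUTER2_ROUTES = [(ipaddress.ip_network("10.1.1.0/30"), "connected"),
                  (TEST, "connected"),
                  (ANY, "10.1.1.1")]

def next_hop(dst, routes=ROUTER2_ROUTES):
    """Longest-prefix match, as a router does when forwarding."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# First-match access list between the two networks, in both directions.
ACL = [("deny", TEST, OFFICE),
       ("deny", OFFICE, TEST),
       ("permit", ANY, ANY)]

def acl_action(src, dst, acl=ACL):
    """Return the action of the first rule matching src and dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # nothing matched: implicit deny

if __name__ == "__main__":
    print(slash30_pairs())
    # An office address outside the /30 is not dropped by the mask: the packet
    # is handed to the default gateway, so the deny rule does the isolating.
    print(next_hop("10.1.1.50"), acl_action("192.168.1.20", "10.1.1.50"))
    print(acl_action("192.168.1.20", "203.0.113.10"))  # constructed Internet host
```
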