Using 2 routers to provide wifi and protect my network

Connections are as follows
Internet --> Netgear WAN port| Lan Port of Netgear (192.168.1.X) --> WAN port of Buffalo router (192.168.11.X) Internet is accessible from the Buffalo but cannot see the Netgear LAN easily. I can type in 192.168.1.1 from my 192.168.11.2 PC and log into the Netgear. I just want to be sure that the Buffalo connected clients cannot get to the Netgear connected clients. I dont think they can but if so I would like to know how so I can shut it off.
thanks Jim

Put it the other way round, first the router that should only see the internet, and then the other one. With your current configuration someone could change the ip settings of the networking interface to static, and use a netmask like 255.255.0.0 and may then be able to see everything of 192.168.x.x.

If I password protect the Buffalo router (Assuming no hard reset, and they could not change the IP range) could someone still bypass it through the wireless?

All they'd need to do is change the ip properties in their wireless card on the PC. They wouldn't have to do anything on the router, so if that is password protected or not wouldn't change anything. OF course you should still password protect it.

I tried what you said. I was able to set my Buffalo connected laptop with DHCP providing the 11.X Numbers to 1.X setting the Gateway and DNS to the 1.X router IP and could get to the internet. I couldnt get to the internal shared recources. I tried to access server shares and got messages about being inaccessable. Is that becaouse the router is handling the 1.X calls and not the PC? If this is true I am ok as is. But I do see your point on using the routers the other way. No one could back route in that case. Thank you for your assistance.

your welcome.