Bridging two networks

I have 2 networks (192.168.0.* and 192.168.1.*).  I want each of them to access the other network, with port filtering (I don't want file sharing to work, only some ports like 80, 3389, 1433, ...).

Can I do this with a router (configured as a router, not a gateway, I presume) or with a PC with 2 NICs?

Thanks for your help.

Bill Bach (President and Btrieve Guru) Commented:
A router with firewall capabilities is the correct device, with one interface configured for 192.168.0 subnet and the other for the 192.168.1 subnet.  You may be able to use a simple PC as the router, though this is vastly discouraged, since regular "home" routers (think Linksys) are so cheap.  You could even use a combination router/wireless gateway and have full wireless capabilities, too.

In short, you'll configure the router/firewall to pass minimal traffic (by opening just the ports you want).
DanielBlais (Author) Commented:
This is what I did (tried to do) but this doesn't work completely.

I have a router and a pc  This router has port 80 open, forwarded to pc  The pc has its default gateway set to

I have a router and a pc  Its default gateway is

I have put a third router with "public" ip and private ip

When the pc wants to access pc it works (LAN to WAN).  But when pc wants to access pc (WAN to LAN) it doesn't work except if I change default gateway on pc to

Is it clear?
Bill Bach (President and Btrieve Guru) Commented:
Why do you have three routers?  In even the "simple" scenario, there should be ONE router, like this:
192.168.0 Subnet ------- ROUTER ------- 192.168.1 Subnet

A router, by definition, has TWO (or more) network addresses.

The third router has no business being there, as it will be a duplicate of the first two, and I believe even the second should not be there, either.

Both networks should be able to speak with each other.  The definition of "LAN" and "WAN" also makes no sense -- these are BOTH going to be local subnets, right?  If you use "home" type routers, they may call one network the WAN and one the LAN, but as long as you configure the firewall rules to allow this connectivity, then you should be OK.
DanielBlais (Author) Commented:
I have 2 internet connections.  A T1 for the production network and a cable modem for the dev network.  That's why we have the first 2 routers.  Those 2 networks need to be separate for security reasons (I don't want file sharing to work).  I want to access FTP, Terminal Server and SQL with the speed of a LAN.
Bill Bach (President and Btrieve Guru) Commented:
Ahh -- that makes a bit more sense then.

The most simplistic solution would be to keep both networks completely separate.  Place a second NIC in each server (FTP, Term Server, and database server), and connect one NIC to each network, and make sure that you DISABLE any routing on the server itself.  

This has the advantage of REAL simplicity.  I'd even recommend using different colored patch cables for connecting the machines so that you know which network is which.


Bill Bach (President and Btrieve Guru) Commented:
If you really don't want to go this route, then I would recommend investing in a good (e.g. Cisco) router that is designed for this purpose.  You could then create static routes to link the two subnets where appropriate and allow just the few ports through.  However, if the number of servers with shared access is minimal (as I suspect that it is), then you'll be better served with two NICs in the servers.  (Then, if one production fails, you can use the Dev NIC as a backup by simply reconfiguring the connection until a new NIC arrives.)
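
The "allow just the few ports through" approach from the answers above, as an added example that is not part of the original thread: a script that builds a default-deny forwarding ruleset for the two subnets and the three ports named in the question, and refuses to open Windows file-sharing ports. It assumes a two-NIC Linux box with iptables as the router; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for a
# two-NIC Linux box routing between the two LANs. Linux/iptables is an assumption.
NET_A="192.168.0.0/24"            # first network from the question
NET_B="192.168.1.0/24"            # second network from the question
FILE_SHARING_TCP="135 139 445"    # RPC, NetBIOS session, SMB: never opened

# Fail if the requested port list contains a file-sharing port.
check_ports() {
    for port in $1; do
        for bad in $FILE_SHARING_TCP; do
            if [ "$port" = "$bad" ]; then
                echo "refusing to open file-sharing port $port" >&2
                return 1
            fi
        done
    done
}

# Print the ruleset for the given space-separated TCP port list.
# Only TCP is ever allowed, so NetBIOS over UDP (137/138) is dropped by policy.
build_ruleset() {
    check_ports "$1" || return 1
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"     # hardening the router host itself is out of scope here
    echo ":FORWARD DROP [0:0]"     # default deny between the subnets
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were allowed below.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $1; do
        echo "-A FORWARD -s $NET_A -d $NET_B -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A FORWARD -s $NET_B -d $NET_A -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log whatever is about to hit the DROP policy, e.g. stray SMB attempts.
    echo "-A FORWARD -j LOG --log-prefix \"inter-lan-drop: \""
    echo "COMMIT"
}

# Stand-alone use: print the ruleset for the ports named in the question.
if [ "${1:-}" = "--print" ]; then
    build_ruleset "80 3389 1433"
fi
```

Pipe the `--print` output into `iptables-restore --test` to validate it before loading; the box also needs `net.ipv4.ip_forward=1`, and hosts on each subnet need a route to the other subnet via this box.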
DanielBlais (Author) Commented:
We currently have 4 SQL servers, 1 web server and 9 other servers in the production network.  And about 15 in the dev network.

I was thinking about putting a second NIC into the web server, which is the one our employees access all day (intranet), but I was searching to see if there was another way to do that.
