We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Add wireless router for internet access only

gcpllc
gcpllc asked
on
Medium Priority
1,001 Views
Last Modified: 2013-11-09
I have an existing LAN setup with a Linksys BEFSR81 router.  I would like to add a Netgear WGR614 router for wireless access only to the internet.   I'd like the existing users on the Linksys router to maintain internet and LAN access.   Simply put, I want to segregate wireless users and only give them the ability to access the internet.

Currently have the Linksys router plugged into the Business Gateway from our ISP.  The Netgear router is plugged from Netgear WAN port to Linksys LAN port.  I do not want to reconfigure existing LAN nor do I want to place the Netgear router in between the ISP gateway and the Linksys router even though I'm sure this would solve the problem.

Existing Linksys router LAN settings:
router IP:  192.168.1.1
Subnet mask:  255.255.255.0

The Netgear WAN settings are set to the same subnet but outside the range of the Linksys DHCP server.  I've set the Netgear LAN to a different subnet but it still has access to Linksys LAN.
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
Just connect the router to your LAN through it's WAN port and enable it's internal DHCP server. This should prevent access to the LAN itself but it'll work as gateway to the internet.

Commented:
If you place the Netgear behind the Linksys, then no matter what, any crafty user will be able to access the LAN of the Linksys.  You see, the Netgear will have a 192.168.1.x ip address, which places it on the same subnet as your Linksys LAN.  Of course. you will have to turn on DHCP on the Netgear in order for wireless users to get ip and gateway information.  Anyone can do a traceroute and see what the next hop ip address is.  They can then start port scanning away.
So, based on the equipment that you have, you will need to place the Netgear in front of the Linksys.  This will solve the issue of preventing the wireless users from accessing your LAN.
Now with regard to the ip address scheme, there is no big deal there.  Just make sure that the Netgear LAN addressing is something else, like 192.168.25.x.  The Netgear will get the public ip address from your cable modem, and the Linksys will now get a 192.168.25.x ip for its WAN address.  The LAN of the Linksys remains unchanged.

Author

Commented:
rindi:  When the WAN port of the Netgear is plugged into an available LAN port, users still can see the LAN.  But I agree, that I originally thought that this would work.

API NOC:  your comments about visitbility with a tracert are well taken.   I was hoping there was way to manually set the Netgear as 'private' allowing internet only, but these off the shelf routers don't allow enough in the way of rules settings.  

If I do put the Netgear in front of the Linksys, I will have to set the Netgear with my static IP settings from my ISP, but what will this do to my port forwarding?  Can I port forward from my Netgear to a computer connected to my Linksys and therefore on a different subnet?
Commented:
Yes, this is possible.  You can put the Linksys in the DMZ of the Netgear and do the port forwarding.  Another way, which will double the effort is to put port forwarding on the Netgear to the 192.168.25.x ip of the Linksys, and then again do the port forward to the LAN side of the Linksys 192.168.1.x

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Ahh, yes, I should have thought about setting the 2nd router on the DMZ.  Thanks for the help.  I'll bite the bultet and put the wireless router in front of the wired router.  
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.