Wireless Hotspot - Have I used the correct hardware & IP configuration for good security?

Posted on 2009-05-25
Medium Priority
Last Modified: 2012-05-07
Hi all

I  have been asked to implement a (low cost!) Free wifi hotspot for the bar area of a small local hotel. The options of a managed hotspot (ongoing fee) and hotspot router (@£400) were not feasible, so after some investigation I added a second router to the existing modem router setup, put them on separate subnets (IPs are and and used the DSL router as the hotspot and the LAN attached cable router as the private LAN router/access point.

Please see diagram for detailed setup information.

This is working ok but I need to move the hotspot router to a better location, and this means extending both the LAN and the DSL phone cable by 10-20 metres. It would be simpler to swap the routers around and use the DSL router as the private (in the office) and relocate the second router to the better location.

My problem is that if I swap the routers, and set up the downstream (LAN attached) router as the public hotspot - on, and the DSL router as the private network (, I can still connect from the public side ( to the private side ( and access private resources despite them being on different subnets ( and

I have assumed that this is because the public router on is 'bridged' to the Internet IP address ( supplied by the DSL router ( and can therefore see all of the private side too.

My question is: Can I re-arrange the routers (see preferred) to route the 'public' traffic through to the 'private' DSL router's internet connection without compromising the security of the private network?
Question by:Adrian Bowden
  • 5

Author Comment

by:Adrian Bowden
ID: 24465698
Help - Can't seem to attach any files??

Author Comment

by:Adrian Bowden
ID: 24465731
Ok - IE8 doesn't seem to like the add files dialog. Switched to 'Compatibility View' mode and all ok.

Accepted Solution

MiamiCo earned 1500 total points
ID: 24508134
Q: "Can I re-arrange the routers (see preferred) to route the 'public' traffic through to the 'private' DSL router's internet connection without compromising the security of the private network?"

A: Yes if you can set VLANs on that Office Router, one for public interface where is public router connected and another VLAN on interfaces where are office clients connected.

And you can set some routing on the office router. You can set routing from "public" interface ( interface where is public router connected) only to WAN interface (where is DSL connected).
So that clients connected to public router will be routed directly to internet ( this can be set as static route on office router)
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.


Author Comment

by:Adrian Bowden
ID: 24517312

VLANs and static routes ?

I'm not sure that these Netgear devices support VLANs, but I will investigate further on both issues.
Could you possibly explain a little more, or give me examples of router settings for each option you have mentioned?  

I also have the option of adding a WG102 Wireless AP to the 'current' set up which does support VLAN, but would it need to be configured on both routers for it to operate correctly?  


Author Comment

by:Adrian Bowden
ID: 25011674
Very unimpressed with the complete lack of response to this question.

I eventually added a WG102 access point in the bar, connected to the DSL router, then added a WPN824 (wired) router from the DSL router to provide the back end (private access).

Points awarded to MiamiCo for just for replying with a possible solution.


Author Closing Comment

by:Adrian Bowden
ID: 31584973
Thank you for your response.

Featured Post

Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

An article on effective troubleshooting
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question