Wireless Hotspot - Have I used the correct hardware & IP configuration for good security?
Posted on 2009-05-25
I have been asked to implement a (low cost!) free Wi-Fi hotspot for the bar area of a small local hotel. The options of a managed hotspot (ongoing fee) and hotspot router (@£400) were not feasible, so after some investigation I added a second router to the existing modem router setup, put them on separate subnets (IPs are 192.168.0.1 and 10.0.0.1) and used the DSL router as the hotspot and the LAN-attached cable router as the private LAN router/access point.
Please see diagram for detailed setup information.
This is working OK, but I need to move the hotspot router to a better location, and this means extending both the LAN and the DSL phone cable by 10-20 metres. It would be simpler to swap the routers around and use the DSL router as the private (in the office) and relocate the second router to the better location.
My problem is that if I swap the routers, and set up the downstream (LAN-attached) router as the public hotspot on 10.0.0.1, and the DSL router as the private network (192.168.0.1), I can still connect from the public side (10.0.0.2) to the private side (192.168.0.1) and access private resources despite them being on different subnets (255.255.255.0 and 255.0.0.0).
I have assumed that this is because the public router on 10.0.0.1 is 'bridged' to the Internet IP address (192.168.0.2) supplied by the DSL router (192.168.0.1) and can therefore see all of the private side too.
My question is: Can I re-arrange the routers (see preferred) to route the 'public' traffic through to the 'private' DSL router's internet connection without compromising the security of the private network?