Solved

2 Linksys WRT; Secure and Un Secure

Posted on 2011-02-22
9
667 Views
Last Modified: 2013-12-09
I want to accomplish secure and unsecure wireless access with 2 Linksys WRT wireless routers.  I would like to have the internet connected to router 1 with LAN 192.168.1.1.  I would then connect router 2 internet port to router 1 lan port.  The router 2 WAN would be 192.168.1.2 and LAN would be 192.168.2.1.  I get internet on both routers just fine.  The problem is that from router 2's network (192.168.2.x) I can browse and see computers and shared resources on router 1's network (192.168.1.x).  I don't want this as router 1 needs to be secure.  I could just switch the routers around (router 2 connected to the internet and router 1 connected to router 2), but I need some port forwards to the secure subnet.  Any ideas???
0
Comment
Question by:etechit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961414
You would need to use 2 VLANS to separate the 192.168.1.x ports from the downstream WRT 192.168.2.x port.

Then you create IP table rules to block traffic between those 2 subnets while allowing everything else.  

Here are the walkthroughs you need:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160
0
 
LVL 1

Author Comment

by:etechit
ID: 34962681
Thank you, I am familiar with DD WRT.  Unfortuneately a constriant of the project is that the standard Linksys firmware must be on the "secure" router.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34963279
I misunderstood WRT to mean DD-wrt.   My bad.  

I don't think you can do this with 'stock' linksys software.  
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:etechit
ID: 34963400
Ok, no problem.  My other though was to flip this around; router 2 (192.168.2.x) connect to internet, router 1 (192.168.1.x) WAN connected to router 2 LAN, router 2 WAN would be static IP 192.168.2.2.  I would then set a DMZ in router 2 as 192.168.2.2 which should forward all traffic to the WAN of router 1.  Since router 1 would be protected by its SPI firewall, unsecure users on router 2 could not access secure reources on router 1's network.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 250 total points
ID: 34966462
You need to have a network switch that supports vLANS. Since you want to use the Linksys firmware(as bad as it is) this is the only way.

Get a net gear 16 port switch managed switch.

You will have to use port based vLANS to prevent traffic from each network from seeing each other.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 250 total points
ID: 34966954
Nappy_d is right.   To really secure this, you need a layer 3 switch that can do vlans.        DD-WRT or open-wrt running on linksys hardware has this ability.    If you stick with native linksys firmware, you may have a real mess on your hands.  Linksys OS is just not built to support that.  

You could look at a higher end cisco/linksys model.  IIRC, some of the higher end 4400's had vlans (dont quote me on that though).   netgear has some decent lower end models that do vlans/voicevlan support also.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 34996538
Ho any further updates?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35349231
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question