Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

2 Linksys WRT; Secure and Un Secure

Posted on 2011-02-22
9
Medium Priority
?
674 Views
Last Modified: 2013-12-09
I want to accomplish secure and unsecure wireless access with 2 Linksys WRT wireless routers.  I would like to have the internet connected to router 1 with LAN 192.168.1.1.  I would then connect router 2 internet port to router 1 lan port.  The router 2 WAN would be 192.168.1.2 and LAN would be 192.168.2.1.  I get internet on both routers just fine.  The problem is that from router 2's network (192.168.2.x) I can browse and see computers and shared resources on router 1's network (192.168.1.x).  I don't want this as router 1 needs to be secure.  I could just switch the routers around (router 2 connected to the internet and router 1 connected to router 2), but I need some port forwards to the secure subnet.  Any ideas???
0
Comment
Question by:etechit
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961414
You would need to use 2 VLANS to separate the 192.168.1.x ports from the downstream WRT 192.168.2.x port.

Then you create IP table rules to block traffic between those 2 subnets while allowing everything else.  

Here are the walkthroughs you need:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160
0
 
LVL 1

Author Comment

by:etechit
ID: 34962681
Thank you, I am familiar with DD WRT.  Unfortuneately a constriant of the project is that the standard Linksys firmware must be on the "secure" router.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34963279
I misunderstood WRT to mean DD-wrt.   My bad.  

I don't think you can do this with 'stock' linksys software.  
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 1

Author Comment

by:etechit
ID: 34963400
Ok, no problem.  My other though was to flip this around; router 2 (192.168.2.x) connect to internet, router 1 (192.168.1.x) WAN connected to router 2 LAN, router 2 WAN would be static IP 192.168.2.2.  I would then set a DMZ in router 2 as 192.168.2.2 which should forward all traffic to the WAN of router 1.  Since router 1 would be protected by its SPI firewall, unsecure users on router 2 could not access secure reources on router 1's network.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 1000 total points
ID: 34966462
You need to have a network switch that supports vLANS. Since you want to use the Linksys firmware(as bad as it is) this is the only way.

Get a net gear 16 port switch managed switch.

You will have to use port based vLANS to prevent traffic from each network from seeing each other.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 1000 total points
ID: 34966954
Nappy_d is right.   To really secure this, you need a layer 3 switch that can do vlans.        DD-WRT or open-wrt running on linksys hardware has this ability.    If you stick with native linksys firmware, you may have a real mess on your hands.  Linksys OS is just not built to support that.  

You could look at a higher end cisco/linksys model.  IIRC, some of the higher end 4400's had vlans (dont quote me on that though).   netgear has some decent lower end models that do vlans/voicevlan support also.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 34996538
Ho any further updates?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35349231
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question