Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2 Linksys WRT; Secure and Un Secure

Posted on 2011-02-22
9
Medium Priority
?
672 Views
Last Modified: 2013-12-09
I want to accomplish secure and unsecure wireless access with 2 Linksys WRT wireless routers.  I would like to have the internet connected to router 1 with LAN 192.168.1.1.  I would then connect router 2 internet port to router 1 lan port.  The router 2 WAN would be 192.168.1.2 and LAN would be 192.168.2.1.  I get internet on both routers just fine.  The problem is that from router 2's network (192.168.2.x) I can browse and see computers and shared resources on router 1's network (192.168.1.x).  I don't want this as router 1 needs to be secure.  I could just switch the routers around (router 2 connected to the internet and router 1 connected to router 2), but I need some port forwards to the secure subnet.  Any ideas???
0
Comment
Question by:etechit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961414
You would need to use 2 VLANS to separate the 192.168.1.x ports from the downstream WRT 192.168.2.x port.

Then you create IP table rules to block traffic between those 2 subnets while allowing everything else.  

Here are the walkthroughs you need:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160
0
 
LVL 1

Author Comment

by:etechit
ID: 34962681
Thank you, I am familiar with DD WRT.  Unfortuneately a constriant of the project is that the standard Linksys firmware must be on the "secure" router.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34963279
I misunderstood WRT to mean DD-wrt.   My bad.  

I don't think you can do this with 'stock' linksys software.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:etechit
ID: 34963400
Ok, no problem.  My other though was to flip this around; router 2 (192.168.2.x) connect to internet, router 1 (192.168.1.x) WAN connected to router 2 LAN, router 2 WAN would be static IP 192.168.2.2.  I would then set a DMZ in router 2 as 192.168.2.2 which should forward all traffic to the WAN of router 1.  Since router 1 would be protected by its SPI firewall, unsecure users on router 2 could not access secure reources on router 1's network.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 1000 total points
ID: 34966462
You need to have a network switch that supports vLANS. Since you want to use the Linksys firmware(as bad as it is) this is the only way.

Get a net gear 16 port switch managed switch.

You will have to use port based vLANS to prevent traffic from each network from seeing each other.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 1000 total points
ID: 34966954
Nappy_d is right.   To really secure this, you need a layer 3 switch that can do vlans.        DD-WRT or open-wrt running on linksys hardware has this ability.    If you stick with native linksys firmware, you may have a real mess on your hands.  Linksys OS is just not built to support that.  

You could look at a higher end cisco/linksys model.  IIRC, some of the higher end 4400's had vlans (dont quote me on that though).   netgear has some decent lower end models that do vlans/voicevlan support also.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 34996538
Ho any further updates?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35349231
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
How does someone stay on the right and legal side of the hacking world?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question