Solved

2 Linksys WRT; Secure and Un Secure

Posted on 2011-02-22
9
666 Views
Last Modified: 2013-12-09
I want to accomplish secure and unsecure wireless access with 2 Linksys WRT wireless routers.  I would like to have the internet connected to router 1 with LAN 192.168.1.1.  I would then connect router 2 internet port to router 1 lan port.  The router 2 WAN would be 192.168.1.2 and LAN would be 192.168.2.1.  I get internet on both routers just fine.  The problem is that from router 2's network (192.168.2.x) I can browse and see computers and shared resources on router 1's network (192.168.1.x).  I don't want this as router 1 needs to be secure.  I could just switch the routers around (router 2 connected to the internet and router 1 connected to router 2), but I need some port forwards to the secure subnet.  Any ideas???
0
Comment
Question by:etechit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961414
You would need to use 2 VLANS to separate the 192.168.1.x ports from the downstream WRT 192.168.2.x port.

Then you create IP table rules to block traffic between those 2 subnets while allowing everything else.  

Here are the walkthroughs you need:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160
0
 
LVL 1

Author Comment

by:etechit
ID: 34962681
Thank you, I am familiar with DD WRT.  Unfortuneately a constriant of the project is that the standard Linksys firmware must be on the "secure" router.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34963279
I misunderstood WRT to mean DD-wrt.   My bad.  

I don't think you can do this with 'stock' linksys software.  
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 1

Author Comment

by:etechit
ID: 34963400
Ok, no problem.  My other though was to flip this around; router 2 (192.168.2.x) connect to internet, router 1 (192.168.1.x) WAN connected to router 2 LAN, router 2 WAN would be static IP 192.168.2.2.  I would then set a DMZ in router 2 as 192.168.2.2 which should forward all traffic to the WAN of router 1.  Since router 1 would be protected by its SPI firewall, unsecure users on router 2 could not access secure reources on router 1's network.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 250 total points
ID: 34966462
You need to have a network switch that supports vLANS. Since you want to use the Linksys firmware(as bad as it is) this is the only way.

Get a net gear 16 port switch managed switch.

You will have to use port based vLANS to prevent traffic from each network from seeing each other.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 250 total points
ID: 34966954
Nappy_d is right.   To really secure this, you need a layer 3 switch that can do vlans.        DD-WRT or open-wrt running on linksys hardware has this ability.    If you stick with native linksys firmware, you may have a real mess on your hands.  Linksys OS is just not built to support that.  

You could look at a higher end cisco/linksys model.  IIRC, some of the higher end 4400's had vlans (dont quote me on that though).   netgear has some decent lower end models that do vlans/voicevlan support also.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 34996538
Ho any further updates?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35349231
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question