Link to home
Start Free TrialLog in
Avatar of etechit
etechitFlag for United States of America

asked on

2 Linksys WRT; Secure and Un Secure

I want to accomplish secure and unsecure wireless access with 2 Linksys WRT wireless routers.  I would like to have the internet connected to router 1 with LAN 192.168.1.1.  I would then connect router 2 internet port to router 1 lan port.  The router 2 WAN would be 192.168.1.2 and LAN would be 192.168.2.1.  I get internet on both routers just fine.  The problem is that from router 2's network (192.168.2.x) I can browse and see computers and shared resources on router 1's network (192.168.1.x).  I don't want this as router 1 needs to be secure.  I could just switch the routers around (router 2 connected to the internet and router 1 connected to router 2), but I need some port forwards to the secure subnet.  Any ideas???
Avatar of MikeKane
MikeKane
Flag of United States of America image
You would need to use 2 VLANS to separate the 192.168.1.x ports from the downstream WRT 192.168.2.x port.

Then you create IP table rules to block traffic between those 2 subnets while allowing everything else.  

Here are the walkthroughs you need:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160
Avatar of etechit
etechit
Flag of United States of America image

ASKER

Thank you, I am familiar with DD WRT.  Unfortuneately a constriant of the project is that the standard Linksys firmware must be on the "secure" router.
Avatar of MikeKane
MikeKane
Flag of United States of America image
I misunderstood WRT to mean DD-wrt.   My bad.  

I don't think you can do this with 'stock' linksys software.  
Avatar of etechit
etechit
Flag of United States of America image

ASKER

Ok, no problem.  My other though was to flip this around; router 2 (192.168.2.x) connect to internet, router 1 (192.168.1.x) WAN connected to router 2 LAN, router 2 WAN would be static IP 192.168.2.2.  I would then set a DMZ in router 2 as 192.168.2.2 which should forward all traffic to the WAN of router 1.  Since router 1 would be protected by its SPI firewall, unsecure users on router 2 could not access secure reources on router 1's network.
ASKER CERTIFIED SOLUTION
Avatar of Irwin W.
Irwin W.
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of MikeKane
MikeKane
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Irwin W.
Irwin W.
Flag of Canada image
Ho any further updates?
Avatar of Qlemo
Qlemo
Flag of Germany image
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.