How to isolate two groups of people sharing one internet connection?

T

thepunkerguy

OSNN Junior Addict
Joined
10 Mar 2004
Messages
13
Ok, so I have a single internet connection that comes into a router. That router is then used by a certain group of people to get on the internet. What I then want to do is take an ethernet cable from that router to some other device (router/firewall, whatever) that will then provide internet to a second group of people. The issue that I need to solve is that I want to make sure there is some type of complete isolation between the two groups of people. Mainly, I don't want any computers on the first main router to be able to see or access any devices on the second router/device. Also, I cannot change anything that has to do with the first main router. I need a hardware solution, simply turning off or passwording file sharing on the computers will not do what I need.

I am sure I can make it work fine with the right options in the right router or hardware firewall but I am not sure what I need. A second internet connection is out of the question. I have a spare D-link DIR-615 router that I daisy chained off the first main router (ethernet cable from a port on first main router to WAN port on DIR-615) and I can get internet to come out of the DIR-615 to the second group of people, but there is no type of wall between the two groups of people on the two different routers. People on the first router can see people on the second router and vice-versa, that is what I am trying to eliminate. Maybe the DIR-615 can be configured to separate its users from the users on the first router that are coming in through the WAN port? I know the DIR-615 has a ton of settings/options but I have know idea what one to use that would make this work. If the DIR-615 won't work, what other device could I use and how do I configure it properly? Any suggestions would be greatly appreciated! I am sure there is a simple/cheap solution. Thanks so much guys!
- Mike
 
can you get the mac adresses of the pc's? Then you can, when you set up both routers with one of the two routers as a repeater with a different lan address (fi 192.168.1.1 and 192.168.0.1), shut either pc out from either network by using the mac lists in the routers.

Well, at least I would try this but I am not a network geek...
 
hansrijf said:
can you get the mac adresses of the pc's? Then you can, when you set up both routers with one of the two routers as a repeater with a different lan address (fi 192.168.1.1 and 192.168.0.1), shut either pc out from either network by using the mac lists in the routers.

Well, at least I would try this but I am not a network geek...
Click to expand...

Thanks for the suggestion! That won't really work for me though.. I really need something that doesn't have to be configured per computer because computers change on both ends change often.
- Mike
 
You need three boxes not two. As long as one router feeds from the other you can't isolate one lan.

Option 1- Buy two IP adresses. Tie two routers to the one incoming line and give each router it's own IP address. Complete isolation providd by the ISP. Only uses one internet line.

Option 2 - setup a PC to act as an internet server. With appropriate software and multiple NIC cards it will do what you want.

Option 3- not sure if this will work. Use 3 routers. First ties to the ISP and one output to each of the second routers. The second 2 routers then serve as firewalls from each other supplying local ip's to the PCs on their lan. If the PCs behind the second router you currently have are hidden from the PCs on the first router this approach will work. All three routers should have for DHCP on.
 
option 2 or 3 as LeeJend suggests would work best in my opinion... since you don't have access to the config on the main router, it limits you pretty severely.

Why don't you have access to the internet facing router? Is it managed by the provider? what kind of hardware is it?
 
Alright guys, well I figured out a little bit tonight.
I hooked it up where I just daisy chained the two routers (plugged an ethernet cable from the main router to the WAN port on my D-link DIR-615)
Initially, I had though that this setup wouldn't do what I want because when connected to the second router I could still see items connected to the first router. I mistakenly assumed that since computers on the second router could see the first that the opposite was true and people on the first router could see people on the second router. This isn't the case. I tried every trick I know and while connected to the first router there was no way I could access anything on computers connected to the second router. I guess this is where the NAT comes in and does it's job. That is ultimately what I was trying to achieve, so I am probably going to leave it at that for now. Thanks guys!
- Mike
 
You must log in or register to reply here.

Members online

No members online now.
Total: 414 (members: 0, guests: 414)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back