Reply
Old November 2nd, 2009 Top | #1
 
thepunkerguy's Avatar
OSNN Junior Addict
Joined: March 2004
Posts: 13
Reputation: 0
Power: 127

Default How to isolate two groups of people sharing one internet connection?

Ok, so I have a single internet connection that comes into a router. That router is then used by a certain group of people to get on the internet. What I then want to do is take an ethernet cable from that router to some other device (router/firewall, whatever) that will then provide internet to a second group of people. The issue that I need to solve is that I want to make sure there is some type of complete isolation between the two groups of people. Mainly, I don't want any computers on the first main router to be able to see or access any devices on the second router/device. Also, I cannot change anything that has to do with the first main router. I need a hardware solution, simply turning off or passwording file sharing on the computers will not do what I need.

I am sure I can make it work fine with the right options in the right router or hardware firewall but I am not sure what I need. A second internet connection is out of the question. I have a spare D-link DIR-615 router that I daisy chained off the first main router (ethernet cable from a port on first main router to WAN port on DIR-615) and I can get internet to come out of the DIR-615 to the second group of people, but there is no type of wall between the two groups of people on the two different routers. People on the first router can see people on the second router and vice-versa, that is what I am trying to eliminate. Maybe the DIR-615 can be configured to separate its users from the users on the first router that are coming in through the WAN port? I know the DIR-615 has a ton of settings/options but I have know idea what one to use that would make this work. If the DIR-615 won't work, what other device could I use and how do I configure it properly? Any suggestions would be greatly appreciated! I am sure there is a simple/cheap solution. Thanks so much guys!
- Mike
thepunkerguy is offline   Reply With Quote
Old November 2nd, 2009 Top | #2

OSNN Folding Team  
hansrijf's Avatar
sh! it stinks
Joined: December 2005
Location: Amsterdam, The Netherlands
Posts: 277
Reputation: 130
Power: 109

Default Re: How to isolate two groups of people sharing one internet connection?

can you get the mac adresses of the pc's? Then you can, when you set up both routers with one of the two routers as a repeater with a different lan address (fi 192.168.1.1 and 192.168.0.1), shut either pc out from either network by using the mac lists in the routers.

Well, at least I would try this but I am not a network geek...
hansrijf is offline   Reply With Quote
Old November 2nd, 2009 Top | #3
 
thepunkerguy's Avatar
OSNN Junior Addict
Joined: March 2004
Posts: 13
Reputation: 0
Power: 127

Default Re: How to isolate two groups of people sharing one internet connection?

Originally Posted by hansrijf View Post
can you get the mac adresses of the pc's? Then you can, when you set up both routers with one of the two routers as a repeater with a different lan address (fi 192.168.1.1 and 192.168.0.1), shut either pc out from either network by using the mac lists in the routers.

Well, at least I would try this but I am not a network geek...
Thanks for the suggestion! That won't really work for me though.. I really need something that doesn't have to be configured per computer because computers change on both ends change often.
- Mike
thepunkerguy is offline   Reply With Quote
Old November 3rd, 2009 Top | #4
 
LeeJend's Avatar
OSNN Veteran Addict
Joined: January 2003
Location: Fort Worth, TX
Posts: 5,291
Reputation: 3386
Power: 226

Default Re: How to isolate two groups of people sharing one internet connection?

You need three boxes not two. As long as one router feeds from the other you can't isolate one lan.

Option 1- Buy two IP adresses. Tie two routers to the one incoming line and give each router it's own IP address. Complete isolation providd by the ISP. Only uses one internet line.

Option 2 - setup a PC to act as an internet server. With appropriate software and multiple NIC cards it will do what you want.

Option 3- not sure if this will work. Use 3 routers. First ties to the ISP and one output to each of the second routers. The second 2 routers then serve as firewalls from each other supplying local ip's to the PCs on their lan. If the PCs behind the second router you currently have are hidden from the PCs on the first router this approach will work. All three routers should have for DHCP on.


Thought for the new millenium:

In a world without walls and fences, who needs Windows and Gates?

- Open Office - Firefox - Thunderbird - Gimp -Ubuntu - Red Hat -
LeeJend is offline   Reply With Quote
Old November 3rd, 2009 Top | #5

OSNN Folding Team  
fitz's Avatar
Just Floating Along
Joined: April 2004
Location: Chicagoland
Posts: 4,067
Reputation: 2947
Power: 194

Default Re: How to isolate two groups of people sharing one internet connection?

option 2 or 3 as LeeJend suggests would work best in my opinion... since you don't have access to the config on the main router, it limits you pretty severely.

Why don't you have access to the internet facing router? Is it managed by the provider? what kind of hardware is it?
fitz is offline   Reply With Quote
Old November 4th, 2009 Top | #6
 
thepunkerguy's Avatar
OSNN Junior Addict
Joined: March 2004
Posts: 13
Reputation: 0
Power: 127

Default Re: How to isolate two groups of people sharing one internet connection?

Alright guys, well I figured out a little bit tonight.
I hooked it up where I just daisy chained the two routers (plugged an ethernet cable from the main router to the WAN port on my D-link DIR-615)
Initially, I had though that this setup wouldn't do what I want because when connected to the second router I could still see items connected to the first router. I mistakenly assumed that since computers on the second router could see the first that the opposite was true and people on the first router could see people on the second router. This isn't the case. I tried every trick I know and while connected to the first router there was no way I could access anything on computers connected to the second router. I guess this is where the NAT comes in and does it's job. That is ultimately what I was trying to achieve, so I am probably going to leave it at that for now. Thanks guys!
- Mike
thepunkerguy is offline   Reply With Quote

Reply

Thread Tools

Posting Rules

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sharing an internet connection vivid_vibe Windows Desktop Systems 7 July 3rd, 2005 3:13am
Help with Internet connection sharing Kafros Windows Desktop Systems 3 November 26th, 2002 12:14pm
Internet Connection Sharing TheBlueRaja Windows Desktop Systems 5 July 17th, 2002 6:06pm
Sharing Internet Connection With Xp And 98.. Help!! ThePunkerGuy Windows Desktop Systems 6 March 16th, 2002 11:24pm
XP/98 - Internet Connection Sharing JOB Windows Desktop Systems 7 February 8th, 2002 2:52am