How to isolate two groups of people sharing one internet connection?

Discussion in 'General Hardware' started by thepunkerguy, Nov 2, 2009.

  1. thepunkerguy

    thepunkerguy OSNN Junior Addict

    Messages:
    13
    Ok, so I have a single internet connection that comes into a router. That router is then used by a certain group of people to get on the internet. What I then want to do is take an ethernet cable from that router to some other device (router/firewall, whatever) that will then provide internet to a second group of people. The issue that I need to solve is that I want to make sure there is some type of complete isolation between the two groups of people. Mainly, I don't want any computers on the first main router to be able to see or access any devices on the second router/device. Also, I cannot change anything that has to do with the first main router. I need a hardware solution, simply turning off or passwording file sharing on the computers will not do what I need.

    I am sure I can make it work fine with the right options in the right router or hardware firewall but I am not sure what I need. A second internet connection is out of the question. I have a spare D-link DIR-615 router that I daisy chained off the first main router (ethernet cable from a port on first main router to WAN port on DIR-615) and I can get internet to come out of the DIR-615 to the second group of people, but there is no type of wall between the two groups of people on the two different routers. People on the first router can see people on the second router and vice-versa, that is what I am trying to eliminate. Maybe the DIR-615 can be configured to separate its users from the users on the first router that are coming in through the WAN port? I know the DIR-615 has a ton of settings/options but I have no idea what one to use that would make this work. If the DIR-615 won't work, what other device could I use and how do I configure it properly? Any suggestions would be greatly appreciated! I am sure there is a simple/cheap solution. Thanks so much guys!
    - Mike
     
  2. hansrijf

    hansrijf sh! it stinks Folding Team

    Messages:
    277
    Location:
    Amsterdam, The Netherlands
    Can you get the MAC addresses of the PCs? Then you can, when you set up both routers with one of the two routers as a repeater with a different LAN address (fi 192.168.1.1 and 192.168.0.1), shut either PC out from either network by using the MAC lists in the routers.

    Well, at least I would try this but I am not a network geek...
     
  3. thepunkerguy

    thepunkerguy OSNN Junior Addict

    Messages:
    13
    Thanks for the suggestion! That won't really work for me though.. I really need something that doesn't have to be configured per computer because computers on both ends change often.
    - Mike
     
  4. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    You need three boxes not two. As long as one router feeds from the other you can't isolate one lan.

    Option 1 - Buy two IP addresses. Tie two routers to the one incoming line and give each router its own IP address. Complete isolation provided by the ISP. Only uses one internet line.

    Option 2 - setup a PC to act as an internet server. With appropriate software and multiple NIC cards it will do what you want.

    Option 3 - not sure if this will work. Use 3 routers. First ties to the ISP and one output to each of the second routers. The second 2 routers then serve as firewalls from each other supplying local IPs to the PCs on their LAN. If the PCs behind the second router you currently have are hidden from the PCs on the first router this approach will work. All three routers should have DHCP on.
     
  5. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    option 2 or 3 as LeeJend suggests would work best in my opinion... since you don't have access to the config on the main router, it limits you pretty severely.

    Why don't you have access to the internet facing router? Is it managed by the provider? what kind of hardware is it?
     
  6. thepunkerguy

    thepunkerguy OSNN Junior Addict

    Messages:
    13
    Alright guys, well I figured out a little bit tonight.
    I hooked it up where I just daisy chained the two routers (plugged an ethernet cable from the main router to the WAN port on my D-link DIR-615)
    Initially, I had thought that this setup wouldn't do what I want because when connected to the second router I could still see items connected to the first router. I mistakenly assumed that since computers on the second router could see the first that the opposite was true and people on the first router could see people on the second router. This isn't the case. I tried every trick I know and while connected to the first router there was no way I could access anything on computers connected to the second router. I guess this is where the NAT comes in and does its job. That is ultimately what I was trying to achieve, so I am probably going to leave it at that for now. Thanks guys!
    - Mike
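
Added example, not part of the thread: a simplified Python model of the source NAT that the last post credits, showing why connections started from the first router's side are dropped while the second group can still open connections to the first. The addresses (192.168.1.0/24 on the first router, 192.168.0.0/24 behind the second, 192.168.1.50 on the second router's WAN port) and the `NatRouter` class are constructed for illustration and do not model the DIR-615 firmware.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatRouter:
    """Simplified source-NAT router: inside hosts share one WAN address."""
    wan_ip: str
    lan: ipaddress.IPv4Network
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (wan_port, remote, rport) -> (host, port)

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source and remember the flow."""
        if ipaddress.ip_address(pkt.src) not in self.lan:
            raise ValueError("source is not on the inside LAN")
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: forward only replies to a recorded flow, else drop (None)."""
        if pkt.dst != self.wan_ip:
            return None  # e.g. addressed straight to an inside private IP
        inside = self.table.get((pkt.dport, pkt.src, pkt.sport))
        if inside is None:
            return None  # unsolicited: no inside host opened this flow
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])

def demo():
    # Constructed addresses (assumptions, see lead-in).
    second = NatRouter("192.168.1.50", ipaddress.ip_network("192.168.0.0/24"))
    group1_pc, group2_pc = "192.168.1.20", "192.168.0.10"
    # Group 2 opens a connection to a group 1 PC: translated and allowed out.
    out = second.outbound(Packet(group2_pc, 51000, group1_pc, 445))
    reply = second.inbound(Packet(group1_pc, 445, out.src, out.sport))
    # Group 1 tries to start a connection inward: both attempts are dropped.
    direct = second.inbound(Packet(group1_pc, 52000, group2_pc, 445))
    to_wan = second.inbound(Packet(group1_pc, 52000, second.wan_ip, 445))
    return out, reply, direct, to_wan

if __name__ == "__main__":
    print(demo())
```

The model only blocks inward connection attempts; traffic the second group starts toward the first router's LAN still passes, which matches the one-way visibility described in the last post.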