Solved Isolate Subnets, Share Internet

June 19, 2012 at 17:18:39
Specs: Windows 7 Ultimate, Core 2 duo E4800 / 4 GB
Hi All,

I am trying to set up a network for my office. Here is the situation: I have two different subnets. One subnet for the office, and another subnet for visitors. I do NOT want the two subnets to be able to communicate; however, they must share one internet connection. The way I currently have it configured is with the WAN connection going into a router (router A). Then I have 2 routers (routers B and C) plugged into that first router (for a total of 3 routers). Router B is on the 192.168.10.0/24 subnet, while router C is on the 192.168.15.0/24 subnet. Routers B and C have their gateways set as Router A, and as a result can both get internet access. However, with this configuration computers on the 192.168.10.0/24 subnet and computers on the 192.168.15.0/24 subnet are able to communicate. This presents a security risk for my company. Is there any way I can prevent the 2 subnets from communicating with each other? These are very basic Linksys SOHO routers.



✔ Best Answer
June 20, 2012 at 10:21:52
Please post to help the OP and not about rambling reasoning that does not offer a solution to the problem or really any specifics at all.

That point aside, the proper setup would have been to use a VLAN switch to segment the network and not IP subnetting.

Given the equipment at hand, the correct setup would be as follows:

Router A is the guest network
Router B is the business network
No Router C.

A is connected to the internet. B is connected to A.
This results in both having internet, but those on A cannot get to B.

I am curious as to how you, badmanrc, are determining under the current configuration that B can access C and vice versa?

Technically, the 192.168.10.0/24 subnet can't talk to the 192.168.15.0/24 subnet without a router providing the path. SOHO routers have no routing on the LAN ports.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's
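
A way to verify the isolation this answer describes, run from a PC on the guest network after recabling. This is an added example, not part of the original thread; the target addresses and ports are assumed placeholders for your own business servers.

```python
import socket

# Assumed placeholders: private IP/TCP port pairs of business servers that
# must NOT be reachable from the guest network. Replace with your own.
BUSINESS_TARGETS = [("192.168.10.10", 445), ("192.168.10.10", 3389)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # full handshake: the service is reachable
    except ConnectionRefusedError:
        # A reset came back, so packets reached something that answered.
        # The port is closed, but the path between the networks exists.
        return "refused"
    except OSError:
        # Timeout or "no route to host": nothing answered. This is the
        # result expected when the guest side is properly isolated.
        return "filtered"


def isolation_report(targets, timeout=2.0):
    """Probe every target; return (results, leaks).

    A leak is any target that answered at all ('open' or 'refused'),
    because either one proves traffic crosses between the two networks.
    """
    results = {t: probe(t[0], t[1], timeout) for t in targets}
    leaks = [t for t, state in results.items() if state != "filtered"]
    return results, leaks


if __name__ == "__main__":
    results, leaks = isolation_report(BUSINESS_TARGETS)
    for (host, port), state in results.items():
        print(f"{host}:{port} -> {state}")
    print("ISOLATION FAILED" if leaks else "no business host answered")
```

A "refused" result counts as a failure here on purpose: a closed port that still sends a reset shows the guest network can reach the business host.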



#1
June 19, 2012 at 18:24:48
badmanrc

How are routers B and C connected to router A?
When you connect the WAN ports of routers B and C to LAN ports of router A, it shouldn't be possible for the two subnets to communicate with each other.



#2
June 19, 2012 at 18:41:17
Paulsep,

I have it connected just as you said. The WAN ports on routers B and C are connected to the LAN ports on router A. They are still able to communicate since they both have a common gateway (router A).

Jefro,

So do you think I should use something like a sonicwall or other hardware firewall between router A and the office router to block access by unauthorized individuals? And if so, can I use this to block an IP address range?



#3
June 19, 2012 at 18:47:02
Router A should have an internal IP of, e.g., 192.168.20.1/24.
The WAN port of router B should have 192.168.20.2/24, default gateway 192.168.0.1, DNS server 192.168.20.1.
The WAN port of router C should have 192.168.20.3/24, default gateway 192.168.0.1, DNS server 192.168.20.1.


#4
June 20, 2012 at 10:02:13
Firewall appliances have a great use in protecting a company. A common or even some advanced routers simply cannot provide the control you need. Layer 7+ routers tend to be used where one needs the best control.

It is difficult to control individuals in a normal sense. They have physical access and can get by some things if they are smart enough. You can use proxy settings to send to a user to control access or other authentication means. A blanket firewall that blocks all unneeded applications and web sites is the normal best starting point.

Companies like Sonicwall and others provide good products to industry. They are hardware devices and tend to be very fast. You could make a software-based firewall from free or pay operating systems or even old computers. If you need some speed, these software-based ones may be a choke point. See untangle.com if you want to make one.

By the way someone is deleting posts. Please stop it.

Hang up and live.




#6
June 20, 2012 at 12:22:04
Wanderer,

I am determining that B and C can communicate because from the guest network I am able to ping servers and actually connect to servers using the private IP address. The setup with the two routers sounds like a good idea. Thanks. I'll give it a try when I get a chance.

Paulsep,

I don't really see the way you described as working. Where are you getting this 192.168.0.1 for the default gateway? With the way you described, that address would not point to any device on the network (assuming router A is on the 192.168.20.0/24 subnet, Router B is on the 192.168.10.0/24 subnet, and Router C is on the 192.168.15.0/24 subnet). Since the default gateway of both of the routers is incorrect I would not be able to get internet connection. This configuration is almost correct, except the default gateway on Router B and C should be 192.168.20.1. In fact, this is how I have it now, but this allows the two subnets to communicate.



#7
June 20, 2012 at 22:01:51
badmanrc

I assumed that you would change the default gateway for routers B and C to match your needs.

I haven't seen that you mentioned the default gateway 192.168.0.1 in your post.

