iron man is anemic

Well thats how i have my current configuration setup, and i can tell you it works. but the only problem im having with it, and was the reason for this original post was the second device that is connected from its wan to the primary devices lan port has full access to the entire network while it doesnt go upstream since the first router drops all unsolicited data coming into the wan port. thats why i am wanting to use a 3rd device as a man in the middle so to speak. it would allow both wireless routers access to the internet without the possability of cross talk thus not compromising the security of my side of the network. And any devices connected to the middle device would be accessable by both networks, so you could setup a network storage device in the middle router allowing sharing of files between the two networks without having to allow traffic to cross directly from one side to the other. To break it down it would work like this: 1 over all network with 2 sub networks, sub network A & B sub networks A & B arent able to directly comunicate to each other due to the firewalling capabilities of the routers due to there configuration to each other as to preserve there individual security, but will share a common internet connection any devices (I.E. NAS, Servers, media pc's, etc...) connected at the "bridge" router will be accessable by both sub networks. Since 3 routers will be connected together in a Y wan to lan configuration: sub A wan to main lan, sub B wan to main lan. anything not asked for a specific computer inside the "firewalled" sub network will be dropped. The only thing i would need to make sure of is that all 3 routers use different ip ranges, or else things could get hairy real quick i think. I think this configuration could drasticly reduce the load on the overall network as all local traffic would be isolated to one sub network while the rest is unaffected. It makes sense in my head but i could be 10000000% off on how this will work and if it will work at all.

Ok, i have read everyones comments and believe the easiest way i can do this is the way i was describing. I modified the pic that was attached above to reflect what im planing to do, please let me know if its a good idea or not, or if you cant understand it.

i thought about the virtual lan, but my router doesnt support it. I think what im just going to end up doing is getting a Ethernet router and connect both wireless routers to it via there wan ports so they truly are independent of each other, but share a common Internet connection. Ive been looking at the d-link dgl-4100, it is a GamerLounge model and would complement my dgl-4500 quite nicely. Plus i could use the GameFuel to prioritise between the two different networks since we both are gamers, but wont necessarily gaming at the same time. so one of us would be able to be gaming and not be affected by the other persons web browsing/downloading. And i believe it would be possible to be able to attach a NAS to the dgl-4100 to allow sharing of files and common storage between the two networks, as everything after the wan port would be accessible by both sides. Another reason why i like my network seperate from the network, is so i can do R&D without effecting the bandwidth of the overall network, just my corner of the network would be affected by anything i am working on. and the same for my roomate, if he has anything he is working on it wont affect me. Questions, comments, complaints anyone?

Hello, im a noob when it comes to alot of advanced networking and linux things so please forgive my ignorance, but here is what im trying to do. I have my main d-link dgl-4500 wireless router hooked up via lan cables to my ps3, cable modem, media PC, and wireless to my laptop. When we tried to connect my roomates ps3 to my wireless network it would timeout due to how its configured and the ps3 being picky with wireless networks. Since his ps3 was in another room its not economical to run a lan cable to my router, so i connected his wireless router (a netgear WGR614) to mine (lan port of d-link to wan port of netgear) since i knew his ps3 will connect to his router just fine. While this setup works, what im worried about is someone gaining access to my network via his wireless router, as he is able to view my networked computers and gain access to the web configuration of the d-link router. I have my d-link router configured to be hidden with a 64 character sudo random password and WPA2 personal using the AES cipher, as to prevent unauthorized access to my network, but his is alot more simplistic (ie: discoverable, short password, default configuration password), as to keep the compatability with all of his devices he runs (ie: macbook, ipod touch, ps3, etc...). Is there a way to limit the access of the netgear router to internet only so it doesnt comprimise the security of my network, or will i need a purely wired router as an intermediary to completely seperate the 2 wireless networks? If you cant tell im a bit paranoid about my security.

Thanks everyone for the info. I know my nic in my desktop, and the one in my laptop already support network booting, i think its the pxe standard but i could be wrong on that. I just didnt know how to set it up so it would know what to boot from on the iscsi target if there were say more than one image or partitions to choose from. would i need a second server as a man in the middle type setup? Basically to say oh MAC address (whatever) is trying to netboot, he needs x image/partition on the iscsi nas, let me initiate this for them and point the computer to the correct place. is that about how it works or am i totally wrong? If not i would have to install firmware into my nic then, to be able to configure the iscsi san settings, so it knows where to go to retrieve the image correct? Also can the os be a copy ie like in its own partition on the NAS server or would an image be the best? If an image is the best how do you adjust the file size since its essentially acting as the HDD and defining the parameters? Ive read about 10 different things showing me all different ways to do this and i dont know whats right or even the best way to do it. Its not something im going to implement long term, just something that i want to experiment with since im planing on building a iscsi server with esxi and freenas. Sorry for my rambling...

I dont know if they have covered this on a previous show or has been talked about on the forums before, but im wanting to know about diskless booting, and more specifically over iscsi. I know its possible, i just cant seem to get a straight forward answer as to what this takes to implement. Also, what would be the limitations of this, i mean could you conceivably boot from over the internet, provided both server and workstation had a fast enough internet connection? Anyone have any input? A possible idea for a future show?