iron man is anemic, posted January 24, 2010

Hello, I'm a noob when it comes to a lot of advanced networking and Linux things, so please forgive my ignorance, but here is what I'm trying to do. I have my main D-Link DGL-4500 wireless router hooked up via LAN cables to my PS3, cable modem and media PC, and wirelessly to my laptop. When we tried to connect my roommate's PS3 to my wireless network it would time out due to how it's configured and the PS3 being picky with wireless networks. Since his PS3 was in another room it's not economical to run a LAN cable to my router, so I connected his wireless router (a Netgear WGR614) to mine (LAN port of D-Link to WAN port of Netgear), since I knew his PS3 will connect to his router just fine.

While this setup works, what I'm worried about is someone gaining access to my network via his wireless router, as he is able to view my networked computers and gain access to the web configuration of the D-Link router. I have my D-Link router configured to be hidden, with a 64 character pseudo-random password and WPA2 Personal using the AES cipher, to prevent unauthorized access to my network, but his is a lot more simplistic (i.e. discoverable, short password, default configuration password), to keep compatibility with all of the devices he runs (i.e. MacBook, iPod touch, PS3, etc.).

Is there a way to limit the access of the Netgear router to internet only so it doesn't compromise the security of my network, or will I need a purely wired router as an intermediary to completely separate the 2 wireless networks? If you can't tell, I'm a bit paranoid about my security.

Charles, posted January 24, 2010

Give it a better password and add a WEP2 key. Either that or lock down the firewall rules on the client machines so that they only accept connections from your machines.

Netshroud, posted January 24, 2010

Can you VLAN him out?

Charles, posted January 24, 2010

That's a good point, you could set up a VLAN. I don't think many of the (cheaper) home routers support VLANs tho. My older Linksys flashed with DD-WRT does tho.

iron man is anemic (Author), posted January 25, 2010

I thought about the virtual LAN, but my router doesn't support it. I think what I'm just going to end up doing is getting an Ethernet router and connecting both wireless routers to it via their WAN ports so they truly are independent of each other, but share a common Internet connection. I've been looking at the D-Link DGL-4100; it is a GamerLounge model and would complement my DGL-4500 quite nicely. Plus I could use the GameFuel to prioritise between the two different networks since we both are gamers, but won't necessarily be gaming at the same time, so one of us would be able to be gaming and not be affected by the other person's web browsing/downloading. And I believe it would be possible to attach a NAS to the DGL-4100 to allow sharing of files and common storage between the two networks, as everything after the WAN port would be accessible by both sides.

Another reason why I like my network separate from the network is so I can do R&D without affecting the bandwidth of the overall network; just my corner of the network would be affected by anything I am working on. And the same for my roommate: if he has anything he is working on it won't affect me.

Questions, comments, complaints anyone?

lopez1364, posted January 25, 2010

Set passwords to your router, disable broadcasting, put him in a DMZ, and change the IP to your router to something like 192.168.1.253.

Charles, posted January 25, 2010

Won't clients from the other AP be able to access your network, even from the DMZ? VLANs would be the way to go, but I'm not quite sure how you could set it up if yer router doesn't support it.

lopez1364, posted January 25, 2010

Yeah, creating a NAT box would be a good solution as well. This should help per Irongeek.

Charles, posted January 25, 2010

Do you have a link to that? It looks interesting.

iron man is anemic (Author), posted January 26, 2010

Ok, I have read everyone's comments and believe the easiest way I can do this is the way I was describing. I modified the pic that was attached above to reflect what I'm planning to do; please let me know if it's a good idea or not, or if you can't understand it.

Charles, posted January 26, 2010

I don't know if that would work, worth a shot tho. I've never connected one router via the WAN port to another via a LAN port before.

iron man is anemic (Author), posted January 26, 2010

Charles wrote: "I don't know if that would work, worth a shot tho. I've never connected one router via the WAN port to another via a LAN port before."

Well, that's how I have my current configuration set up, and I can tell you it works. But the only problem I'm having with it, and the reason for this original post, is that the second device, connected from its WAN to the primary device's LAN port, has full access to the entire network, while it doesn't go upstream since the first router drops all unsolicited data coming into the WAN port. That's why I am wanting to use a 3rd device as a man in the middle, so to speak. It would allow both wireless routers access to the internet without the possibility of cross talk, thus not compromising the security of my side of the network. And any devices connected to the middle device would be accessible by both networks, so you could set up a network storage device on the middle router, allowing sharing of files between the two networks without having to allow traffic to cross directly from one side to the other.

To break it down it would work like this:

- 1 overall network with 2 sub networks, sub network A & B
- sub networks A & B aren't able to directly communicate with each other due to the firewalling capabilities of the routers and their configuration relative to each other, so as to preserve their individual security, but will share a common internet connection
- any devices (i.e. NAS, servers, media PCs, etc.) connected at the "bridge" router will be accessible by both sub networks.

Since 3 routers will be connected together in a Y WAN to LAN configuration (sub A WAN to main LAN, sub B WAN to main LAN), anything not asked for by a specific computer inside the "firewalled" sub network will be dropped. The only thing I would need to make sure of is that all 3 routers use different IP ranges, or else things could get hairy real quick, I think.

I think this configuration could drastically reduce the load on the overall network, as all local traffic would be isolated to one sub network while the rest is unaffected. It makes sense in my head but I could be 10000000% off on how this will work and if it will work at all.

Charles, posted January 26, 2010

You could set each of the two routers to use different subnets (I think?) and have them route to the main router, which would be hooked up to the internet. Sounds tricky, but that might work.

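
The reachability rules discussed in the thread (the current LAN-to-WAN cascade, the planned Y layout, and the need for different IP ranges), as an added example that is not part of any post. It assumes each router is a plain NAT box that forwards LAN-to-WAN connections and drops unsolicited WAN-to-LAN traffic, with no port forwards or DMZ host set; the router names and address ranges are constructed.

```python
import ipaddress

class Router:
    """Consumer NAT router: forwards LAN-to-WAN, drops unsolicited WAN-to-LAN (assumed)."""
    def __init__(self, name, lan, upstream=None):
        self.name = name
        self.lan = ipaddress.ip_network(lan)   # address range used on the LAN side
        self.upstream = upstream               # router whose LAN port our WAN port plugs into

def chain(router):
    """The router itself, then every router between it and the internet."""
    hops = []
    while router is not None:
        hops.append(router)
        router = router.upstream
    return hops

def can_initiate(src, dst):
    """Can a host on src's LAN open a connection to a host on dst's LAN?"""
    hops = chain(src)
    if dst not in hops:
        return False          # dst sits behind a WAN port that drops unsolicited traffic
    # A nearer LAN using an overlapping range keeps the packets local.
    return not any(h.lan.overlaps(dst.lan) for h in hops[:hops.index(dst)])

def clashes(routers):
    """Pairs of routers whose LAN ranges overlap."""
    return [(a.name, b.name) for i, a in enumerate(routers)
            for b in routers[i + 1:] if a.lan.overlaps(b.lan)]

# Constructed address ranges, not taken from the thread.
# Current setup: Netgear WAN port plugged into a D-Link LAN port.
dlink = Router("dlink", "192.168.0.0/24")
netgear = Router("netgear", "192.168.1.0/24", upstream=dlink)

# Planned Y setup: both wireless routers' WAN ports into a wired middle router.
middle = Router("middle", "10.0.0.0/24")
sub_a = Router("sub_a", "192.168.0.0/24", upstream=middle)
sub_b = Router("sub_b", "192.168.1.0/24", upstream=middle)
# Same plan, but sub B left on the same range as the middle router.
sub_b_clash = Router("sub_b_clash", "10.0.0.0/24", upstream=middle)

if __name__ == "__main__":
    print("netgear -> dlink :", can_initiate(netgear, dlink))
    print("dlink -> netgear :", can_initiate(dlink, netgear))
    print("sub_a -> sub_b   :", can_initiate(sub_a, sub_b))
    print("sub_a -> middle  :", can_initiate(sub_a, middle))
    print("clashes          :", clashes([middle, sub_a, sub_b_clash]))
```

In this model the two wireless networks cannot open connections to each other, while anything plugged into the middle router's LAN stays reachable from both sides, so a shared NAS there needs its own access controls.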