how-to block ads
|
slajoh01
join:2005-04-23
4 edits | Setting up a secure LAN with no access to Public Internet? Hi,
I have a laptop behind a wireless router which uses a LAN IP of 192.168.1.1 and I have another PC which is also connected to a different router configured with a LAN IP of 192.168.2.1.
How can I setup a private LAN with the laptop NOT being able to communicate or access the public internet and at the same time being able to do networking tasks like accessing secure Intranet sites, share files, access networked printers and so on?? The PC however, can be used to access the public net. But I DONT want the laptop to be able to.
And even though its a wireless router, I have it hard-wired to the wireless router
Or, I can have the other way around so the laptop CAN access the public Internet, and have the PC NOT access the public net...But please explain on how to set this up.
Even though I have VPN endpoint routers, I dont have them setup to use VPN since NOBOBY will access my network from the outside anyways...
Can I do this setup without a VPN?
The wireless router is a WRT54GC
Other router is a BEFSX41
Both linksys.
Thanks. | |
|  
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| Re: Setting up a secure LAN with no access to Public Internet? The following will probably work, though I have not tested it.
Call you routers R1 and R2. You decide which is which based on your other needs.
R1 connects to Internet, and your Internet connected computers are on LAN ports (or WiFi) from router R1.
Router R2 is for your LAN that is not to be connected to internet. Connect the WAN port of R2 to one of the LAN ports of R1. But, in the WAN configuration for R2, manually assign it an IP address on its WAN side (should be an IP suitable for the LAN side of R1, but outside the DHCP range). However, do notassign an internet gateway IP in the WAN settings or R2. Or, alternatively, if it insists, then assign a bogus internet gateway IP - an IP appropriate for the LAN side of R1, but an IP that is not used by anything in your network. That should allow computers connected to the R2 LAN to access computers on the R1 LAN, but not access the Internet.
For even greater isolation, use an ethernet switch. The switch uplink connects to the LAN of R1. All the computers for the LAN of R1 connect through the switch, and the WAN side of R2 connects through the switch. Setup MAC filtering on R1 to disallow access by the WAN MAC address used by R2. That will leave R1 actively blocking access by R2. However, access to the LAN of R1 is still possible since that only uses the switch and does not depend on sending packets through R1.
As previously mentioned, I have not actually tried this. So if you get it working, post a report on how it works out.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11 | |
| | slajoh01
join:2005-04-23 | Re: Setting up a secure LAN with no access to Public Internet? Thanks for this info and I will print this out too.
Both of my routers have an option to backup my router settings first before I test it out. | |
| | | |
|
