  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to slajoh01 Re: Setting up a secure LAN with no access to Public Internet?
The following will probably work, though I have not tested it.
Call your routers R1 and R2. You decide which is which based on your other needs.
R1 connects to Internet, and your Internet connected computers are on LAN ports (or WiFi) from router R1.
Router R2 is for your LAN that is not to be connected to internet. Connect the WAN port of R2 to one of the LAN ports of R1. But, in the WAN configuration for R2, manually assign it an IP address on its WAN side (should be an IP suitable for the LAN side of R1, but outside the DHCP range). However, do not assign an internet gateway IP in the WAN settings of R2. Or, alternatively, if it insists, then assign a bogus internet gateway IP - an IP appropriate for the LAN side of R1, but an IP that is not used by anything in your network. That should allow computers connected to the R2 LAN to access computers on the R1 LAN, but not access the Internet.
For even greater isolation, use an ethernet switch. The switch uplink connects to the LAN of R1. All the computers for the LAN of R1 connect through the switch, and the WAN side of R2 connects through the switch. Set up MAC filtering on R1 to disallow access by the WAN MAC address used by R2. That will leave R1 actively blocking access by R2. However, access to the LAN of R1 is still possible since that only uses the switch and does not depend on sending packets through R1.
As previously mentioned, I have not actually tried this. So if you get it working, post a report on how it works out.
-- AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11
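The following is an added example, not part of nwrickert's post: a small Python model of R2's static WAN settings that checks them against the constraints described above and shows how R2 would treat traffic with no gateway, a bogus gateway, and a live gateway. All addresses, the DHCP range and the function names are constructed assumptions; it models only R2's routing decision, not the MAC filtering on R1.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not taken from the post).
R1_LAN = ip.ip_network("192.168.1.0/24")
R1_DHCP = (ip.ip_address("192.168.1.100"), ip.ip_address("192.168.1.199"))
# Addresses that actually answer ARP on R1's LAN: R1, R2's WAN side, one PC.
LIVE_ON_R1_LAN = {ip.ip_address(a) for a in
                  ("192.168.1.1", "192.168.1.2", "192.168.1.10")}

def check_wan_settings(wan_ip, gateway):
    """Return a list of problems with R2's static WAN settings."""
    wan_ip = ip.ip_address(wan_ip)
    problems = []
    if wan_ip not in R1_LAN:
        problems.append("WAN IP is not on R1's LAN subnet")
    if R1_DHCP[0] <= wan_ip <= R1_DHCP[1]:
        problems.append("WAN IP is inside R1's DHCP range")
    if gateway is not None and ip.ip_address(gateway) in LIVE_ON_R1_LAN:
        problems.append("gateway IP is in use, so R2 has a working default route")
    return problems

def r2_forward(dst, gateway):
    """Model R2's forwarding decision for a packet from its LAN to dst."""
    dst = ip.ip_address(dst)
    if dst in R1_LAN:
        # Connected route on the WAN interface: no gateway needed.
        return "delivered on R1 LAN" if dst in LIVE_ON_R1_LAN else "no such host"
    if gateway is None:
        return "dropped: no default route"
    if ip.ip_address(gateway) not in LIVE_ON_R1_LAN:
        return "dropped: gateway does not answer ARP"
    return "forwarded to Internet via R1"

if __name__ == "__main__":
    internet_host = "203.0.113.5"  # documentation-range address as a stand-in
    for gw in (None, "192.168.1.250", "192.168.1.1"):
        print("gateway =", gw)
        print("  settings problems:", check_wan_settings("192.168.1.2", gw))
        print("  to R1 LAN PC     :", r2_forward("192.168.1.10", gw))
        print("  to Internet host :", r2_forward(internet_host, gw))
```
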