split/isolate network
NoOp
glgxg at sbcglobal.net
Sun Nov 21 04:45:32 UTC 2010
On 11/20/2010 08:34 PM, NoOp wrote:
> On 11/20/2010 06:10 PM, rikona wrote:
> ...
>>
>> I'm concerned about the "could not speak to 192.168.1.129 without a
>> router" above, though. Does this mean that they COULD communicate if I
>> have a router ahead of the splitter box? I was considering:
>>
>> cable modem -> router/firewall -> linux box -> 2 isolated net
>> connections
>>
>> If so, does that mean that I would have to prohibit, in the splitter
>> box, *incoming* from the 'other half' IP addresses, to get around this
>> problem? Does the router, in general, essentially undo what I'm trying
>> to do in the splitter box if I ONLY do just splitting?
>
> I'm a little confused on exactly what/why you are trying to accomplish.
> Both subnets will need to share a common gateway with only one internet
> connection. So why not just add another router to 'router/firewall' and
> have it issue DHCP on a separate subnet?
>
> cable modem -> router/firewall1 -> subnet1 (fixed IP wired)
>                       |
>                router/firewall2 -> subnet2 (DHCP wireless)
>
> If the routers are configured properly, subnet2 will never see subnet1
> unless you allow it in the routers' firewall rules. This is how I
> separate my 'guest' wireless from my wired machines. Wired is on a
> highly configurable Cisco router, Wireless is on standard Netgear
> wireless router/firewall2 -> subnet2.
Sorry, forgot to add that a good router/firewall1 should be able to
accomplish the above. However, I've not (yet) found a wireless router
with a good enough firewall interface to allow me to inspect packets,
logs, etc., in the same manner as my wired router/firewall, so I just
connect the wireless to the wired & use the wired as the controlling
router & gateway.