Two subnets block traffic between them but allow internet

networking wireless-networking router subnet
9,850

Using the setup at the link you provided, just delete/disable the route(s) between the networks you don't want communicating with each other and they won't be able to reach each other. As long as the nets are masqueraded in your NAT rules, they'll still get to the Internet.

Share:
9,850
GorillaApe
Author by

GorillaApe

Updated on September 18, 2022

Comments

  • GorillaApe
    GorillaApe over 1 year

    I have 192.168.1.1/24 network that has a switch and several access points .There is a adsl modem at 192.168.1.1 . I want to add a new network 192.168.2.1/24 with its own access point and switch.

    so far everything is fine

    Problem i am struggling to solve one week is how to let 192.168.2.1/24 and 192.168.2.1/24 share internet (and have separate DHCP and block traffic between there subnets)?

    Double nating is a solution but i want to avoid it.

    I have a spare routerboard RB750 that has router/firewall some vlan support.

    So what would be a solution for this problem ? So far maybe with a firewall rule i could block 1.1/24 to 2.1/24 traffic but how should i setup internet to work ?? Somehow traffic should be routed at modem in case it doenst match local subnet... Any solution ?

    • user1984103
      user1984103 almost 11 years
      There is a adsl modem at 192.168.1.1 -> Does the modem have an integrated router?
    • GorillaApe
      GorillaApe almost 11 years
      yes it has router and wifi too. also it has a special ethernet port for ip tv
    • user1984103
      user1984103 almost 11 years
      You will need at least two extra routers then. It looks like you have one, but you would need a second to fully segregate the subnets. Otherwise, double-natting is your only option.
    • GorillaApe
      GorillaApe almost 11 years
      even managed switch wont help ? you mean i need 3 extra routers?
    • Scott Chamberlain
      Scott Chamberlain almost 11 years
      He is talking about a configuration like the one in this answer. you have 3 routers in a Y configuration, doing that makes it so neither LAN can affect the other LAN, if you have only two routers the "outer" LAN that is closer to the internet could intercept or read data coming from the "inner" LAN if there was a malicious user on the "outer" LAN. Also even though 192.168.x.x IP's are non route-able for the internet the "inner" router could let a "inner" PC directly access a "outer" PC via IP.
    • user1984103
      user1984103 almost 11 years
      Managed switch won't help, you need an actual router capable of NAT. You either need two routers behind the modem, one for each subnet (which still technically results in double-natting), or you need a special router with 2 LAN ports (NOTE Most routers have 1 LAN port and a 4-port switch - this is not the same). Either way, you need more hardware. @ScottChamberlain linked to exactly the first thing I was talking about. The second would probably involve a custom router with linux or BSD.
    • GorillaApe
      GorillaApe almost 11 years
      @ScottChamberlain at the link you posted isnt this double nating ?
    • Scott Chamberlain
      Scott Chamberlain almost 11 years
      Yes, it is one of the forms of double NATing, and it is the only solution unless you buy specialized hardware like Darth Android suggested that has more than 2 ports on router (Like he said, most routers have 2 ports and a 4 port switch on the inner port, you need something that has at least 3 ports). If you have a router/switch that supports VLANs then internally it must have a distinct hardware port for each external port. So that hardware you mentioned could fall under the "more than 3 ports" category.
    • GorillaApe
      GorillaApe almost 11 years
      @ScottChamberlain , DarthAndroid as i said i have RB750 routerboard.com/rb750 that as far as i know you can set multiple dhcp ,vlan has firewall etc. So as it isnt a typical router with one wan port and a plain switch then what is the other solution /?
    • GorillaApe
      GorillaApe almost 11 years
    • Scott Chamberlain
      Scott Chamberlain almost 11 years
      Why doin't you just follow the instructions on the page you just linked, they tell you how to do exactly what you are trying to do.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I put two wireless routers on the same subnet?
Home network with two routers and just one Wifi
iPhone won't connect to home wireless network - but laptop will?
ASUS router EA-N66R has different subnet mask than laptop
Can a second router connect via WAN to another Router and establish a second network?
My router shows two IP addresses for my son's lap top
VPN Issue - successful connection through mobile (iPhone Hotspot) but unsuccessful through home WIFI
Laptop won't work with WPA encryption
TP-Link router sometimes fails to negotiate proper IP address
Configuring a Wired Access Point - Linksys WRT54G