Wireless/Wired Router Solutions for 2 Networks?
DaveTheBrave asks: "I'm currently running a home based business on an el cheapo Netgear wireless router off a broadband cable modem connection. I'm looking to upgrade to something better with more flexibility. My in-laws recently sold their home and will be moving into my home temporarily while they are building another. They have a home based business and my mother-in-law is also notorious for attracting viruses, adware and other nasty stuff on her PC (which I have to routinely clean - hence my need for a better network solution). What is the best/easiest solution to segment and keep separate my network from theirs (both wired and wireless) off of one incoming cable modem? I'm looking for something around or less than $500."
Get another Cable Modem (Score:1, Informative)
Re:Get another Cable Modem (Score:1)
i did exactly this for a while on time warner cable. they only charged us another $22 a month for the extra cable modem rather than charging us for 2 full internet packages.
simple (Score:1)
One cheap PC. Three NICs: one to cable modem, one to each of the two subnets you want. Install OpenBSD, config, voila...
Re:simple (Score:1)
maybe something "easier" than OpenBSD (Score:3, Informative)
One cable modem, two subnets, no routing between them...
Clarkconnect comes free, with a range of possible upgrades like auto snort updates, security checking, and auto updates for the registered version.
Advantages : webpages configuration with quite a good help and easy set-up...
You can implement Mailscanner+SpamAssassin on the cheap.
The "intrusion prevention" updates part comes with a (small) price, and allt
Ooops (Score:2)
This one works...
When I see what I can do when sober, I'm thinking I could start hitting the bottle and at least enjoy my errors 8p
"Use the Preview Button! Check those URLs!"
Sorry again
Re:maybe something "easier" than OpenBSD (Score:1)
i don't buy this "OpenBSD is hard" thing people claim. it is incredibly easy to install, and, unless you can't read or are incredibly dense, even easier to configure. anything man pages (yes, it has man pages, and they are far superior to any man page any linux distro has) miss are summed up in an excelle
Re:maybe something "easier" than OpenBSD (Score:3, Informative)
1/ I'm using it right now
2/ It supports wireless cards, SMP, e1000 Intel Gigabit Ethernet, etc with no or little fuss, just browse the website for a list of compatible, tested and supported hardware
3/ I know it is a well made interface, with good autodiscovery, and clear help (not always inline, but always well made)
4/ IPTABLES ? everything is closed by default, and you have a nice, clear and easy interface to open just the ports you want and do
Re:maybe something "easier" than OpenBSD (Score:2)
Re:maybe something "easier" than OpenBSD (Score:1)
smoothwall.org
Later,
-Slashdot Junky
Re:simple (Score:1)
The "simple" solution (Score:3, Informative)
Wireless-wired routers are pretty cheap. You should be able to do it for under $200. Not "elegant", but do-able.
Re:The "simple" solution (Score:2)
Re:The "simple" solution (Score:2)
Two routers would keep the traffic from either LAN from EVER mingling. Well, unless someone is spoofing packets... and if that's happening, you've got far worse problems.
Re:The "simple" solution (Score:2)
Re:The "simple" solution (Score:2)
Also the "solution" requested appeared to be a "temporary" solution:
Why pay for the expense of anothe
Re:The "simple" solution (Score:3)
Then do it the other way around. Hook up the safe computers to the inner router, and the unsafe computers to the outer router. The outer router is the WAN of the inner one, and if it launches attacks it's the same as if the open Internet launched attacks against your single router now.
Re:The "simple" solution (Score:2)
Re:The "simple" solution (Score:2)
Maybe it's just me, but I wouldn't run any business data over wireless links unless I really really had to.
Of course there's always encryption, but if you're setting up home office, just wire it with ethernet,
one day job, more secure solution with better performance.
Re:The "simple" solution (Score:2)
Re:The "simple" solution (Score:1)
Re:The "simple" solution (Score:2)
Re:The "simple" solution (Score:2)
We're talking a temporary solution. Why make it complicated?
Linksys WRT54G (Score:2, Insightful)
If you have some spare time reflash the WRTs with OpenWRT for extra flexibility. While you're at it, you might want to score a few extra points with your inlaws by mi
Re:Linksys WRT54G (Score:2)
I currently have 2 Linksys WRTs attached at the hip (wirelessly) as well as a Linksys B (the newest firmware for B's supports lazy WDS). The G's perform flawlessly, but the B has its days. I can separate everything on their own Subnets, choose NAT paths, etc...
I think between something like this and adding a firewall package like ZoneAlarm, that should keep the in-law out.
Either that or update her privili
The way I do it: Linksys WRT54GS (Score:2, Insightful)
Re:The way I do it: Linksys WRT54GS (Score:2)
This thing's a pretty versatile device for under $100. Load OpenWRT [openwrt.org] on it and you'll have a capable Linux machine/distro suitable for small-network routing and firewalling with iptables, vconfig and brcfg. The built-in Ethernet switch [openwrt.org] is 802.1q VLAN capable and configurable at the per-port level, so you can split the network in two and still have the 'router' connected to both and handling Internet traffic with some modifications to the startu
Re:The way I do it: Linksys WRT54GS (Score:2)
Re:The way I do it: Linksys WRT54GS (Score:3, Informative)
From what I understand, the most recent revision of the WRT54G (v5) is now based on vxworks. However, you can buy the WRT54GL, which is effectively the WRT54G v4.
- Tony
One item... (Score:2)
Switch to firefox/thunderbird. Put ms anti-spyware beta on desktop and norton or some other av program, spybot and turn on teatimer.
Should make her relatively safe.
One more router. (Score:3, Interesting)
Re:One more router. (Score:1)
Another simple solution (Score:2)
If you're willing to spend $500, you can fund that set up for almost a year.
Linksys WRT54G/GS + New Firmware (Score:2)
kiwi
(note, make sure not to get the v4 hardware of the wrt54g, as it does not run the firmware.)
m0n0wall (Score:1)
speaking of networking gear... (Score:2)
Re:speaking of networking gear... (Score:1)
As for Linksys not being high quality, just look at what it says under Linksys... That's all the proof you need that they're good... Well, that's all the proof I need at least...
Perhaps the problem is not the router, but the client NICs or WiFi cards, or bad cables. I've had more t
Re:speaking of networking gear... (Score:2)
Re:speaking of networking gear... (Score:1)
one time i had to reset it, but that was after a brownout which might have put it on the fritz. luckily it kept the old settings
Re:speaking of networking gear... (Score:2)
Yea, any router which is connected to a cable modem which gets the proper amount of signal.
Sounds to me that you are having the same problem which I used to have. There are three things to keep in mind about connecting a cable modem to the cable line.
Try changing ISPs (Score:2)
Someone in management decided that they wanted to switch from Cable to the local telco monopoly's brand of DSL. So we order the DSL, and I go switch it over - pretty simple, just move the ethernet c
Followup to those suggesting WRT54G or GS (Score:4, Insightful)
The current version of the WRT54GS, v4.0, is reported to also have half the capacity of previous GS models, which leaves it with as much as older WRT54G models. This means you can get an off-the-shelf GS with the open-source firmware capabilities of old WRT54G models if you're willing to pay $20 more.
Linksys is also supposed to be releasing the WRT54GL, which many have speculated is a relabeled WRT54G v4.0 for $10 more. However, last I checked it was only available in Europe (and by checking I mean both searching the 'net and talking to Linksys support, who ended up referring me to a wholesaler after being unable to find a North American retailer who had them in stock).
Soekris 4801 and m0n0wall have been mentioned (Score:2)
Re:Soekris 4801 and m0n0wall have been mentioned (Score:1)
Openwrt + Linksys wrt54gs (Score:1)
Requisite BSD Touting Suggestion (Score:3, Interesting)
Each router (being used as a fancy wireless ready switch, and nothing more), lives on its own subnet, and you can use firewall rules to dictate access rights between the two of them.
This gives you two separate network segments, on different layer 2 broadcast domains, and a strong traffic cop to enforce your rules between them.
Besides, OpenBSD kicks ass.
(I) Like a bridge over doubled routers (Score:2, Informative)
it will carry me (bits) home.
Seriously, here's what I would do:
Cable feeds switch.
Switch feeds two NAT/firewall routers, one for your network and one for the family.
To mitigate viruses, configure the family router to block all incoming ports and all outgoing ports except the ones they absolutely need, e.g. http, https, and maybe passive-ftp. LEAVE OUTGOING MAIL-POP3 and -SMTP BLOCKED and teach them to use webmail.
Configure your NAT router as you see fit.
Some cable mode
Re: (Score:2)
Re: (Score:2)
Easy (Score:2)
Comment removed (Score:4, Informative)
Re:Managed switch with VLAN (Score:1)
It seemed so obvious to me that VLANs were just what was needed, can't believe it took 50-odd posts to get to it.
The alternatives are some serious static route configuration or wireless isolation as per the Netgear DG834G (bit better than just separate SSIDs).
Personally if I was running a business (from a cable modem?!) and the in-laws wanted to use the internet at my house, I'd get them to pay for their own ADSL connection and rout
Re:Managed switch with VLAN (Score:2)
Way to abuse the moderation system, asshole.
Re:Managed switch with VLAN (Score:2)
Ports 9 through 16 plus port 1 in VLAN 2
You can't put port 1 in both VLANs, unless the Internet connected router does trunking and subinterfaces, in which case you would need to configure access lists to prevent the router from routing VLAN 2 traffic to VLAN 1 (ie, viruses from the unsafe network infecting the "secure" VLAN 1)
VLANs simply allow you to create two separated network segments with one switch. You could do just as well with two cheap switches. The problem is
Re:Managed switch with VLAN (Score:1)
Put the hosts you care about behind the second crappy router, the ones you don't care about behind the first. Configure the first ('exterior') to have the second ('interior') as its DMZ host, and you should be able to ignore the in-laws network rather effectively.
Merry Thanksgiving, Geoff
--
Phil
Bonjour for flexibility, Macs for security (Score:2)
How about the Check Point Safe@Office? (Score:1)
Use what you have (Score:1)
Coupled with bandwidth throttling, each client is completely unable to affect any other client.
I'm not sure if netgear has this functionality or not, but the WRT54G is a pretty cheap router.
Better solution (Score:2)
Is there a WiFi equipped coffee shop nearby? "Hi mom, let me show you to your office..."
Check out Astaro (Score:1)
This is your biggest problem? (Score:2)
Seriously, I'd grab a junker PC from somewhere and turn it into a dedicated firewall/router. Have one LAN card connect to your broadband, one to your gear and a third to your in-laws' gear. If you want to play games as well, have a 4th LAN card connecting to your gaming stuff - you want to keep that separate if possible.
Once you've got that working, with all LAN cards on distinct subnets, you ca
Zero Cost Solution (I think) (Score:2)
IP Address 192.168.2.x
Subnet Mask 255.255.255.0
Default Gateway (router) 192.168.1.1
Second Network
IP Address 192.168.3.x
Subnet Mask 255.255.255.0
Default Gateway (router) 192.168.1.1
Router Settings
IP Address 192.168.1.1
Subnet Mask 255.255.0.0
I think this would divide your network into two subnets with both subnets allowed to talk to the router, or am I nuts?
Ed Almos
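The addressing plan in the post above, checked with Python's `ipaddress` module (an added example, not part of the original post). It reports whether each host can see its default gateway as on-link and whether the router holds the two networks on separate interfaces; the `.10` host numbers and the `SPLIT` alternative with one router interface per subnet are assumptions made for comparison.

```python
import ipaddress

# Plan from the post above; the ".10" host numbers are constructed stand-ins for "x".
POSTED = {
    "first":  {"host": "192.168.2.10/24", "gateway": "192.168.1.1"},
    "second": {"host": "192.168.3.10/24", "gateway": "192.168.1.1"},
}
POSTED_ROUTER = ["192.168.1.1/16"]

# Assumed alternative (not from the post): a router with one LAN interface per subnet.
SPLIT = {
    "first":  {"host": "192.168.2.10/24", "gateway": "192.168.2.1"},
    "second": {"host": "192.168.3.10/24", "gateway": "192.168.3.1"},
}
SPLIT_ROUTER = ["192.168.2.1/24", "192.168.3.1/24"]


def on_link(iface_cidr, target_ip):
    """True if an interface configured as iface_cidr treats target_ip as a directly
    reachable neighbour (same subnet) rather than handing it to a gateway."""
    return ipaddress.ip_address(target_ip) in ipaddress.ip_interface(iface_cidr).network


def audit(plan, router_ifaces):
    """Return (per-network report, separated). separated is True only when the
    router holds each network on its own interface and can filter between them."""
    report = {}
    for name, cfg in plan.items():
        host_ip = str(ipaddress.ip_interface(cfg["host"]).ip)
        attached = [r for r in router_ifaces if on_link(r, host_ip)]
        report[name] = {
            # A gateway outside the host's own subnet is not directly reachable
            # through the host's normal routing.
            "gateway_on_link": on_link(cfg["host"], cfg["gateway"]),
            # Which router interface, if any, sees this host as directly attached.
            "router_iface": attached[0] if attached else None,
        }
    ifaces = [entry["router_iface"] for entry in report.values()]
    separated = None not in ifaces and len(set(ifaces)) == len(ifaces)
    return report, separated


if __name__ == "__main__":
    for label, plan, router in (("posted", POSTED, POSTED_ROUTER),
                                ("split", SPLIT, SPLIT_ROUTER)):
        report, separated = audit(plan, router)
        print(label, report, "separated_at_router =", separated)
    # On a shared segment the mask is a client-side setting, not an enforced boundary:
    print(on_link("192.168.2.10/16", "192.168.3.10"))
```

With the posted values both hosts land on the router's single /16 interface, so the router has no boundary between them to filter on, and the two /24 masks are enforced only by each PC's own settings.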
Re:Zero Cost Solution (I think) (Score:2)
Another problem, which also probably affects the VLAN solution others have proposed, is that you can't assume that a virus will only use IP. NETBEUI, I believe, is not by default transported over IP, and hence will have access to anything on
ipcop + 2 subnets (Score:2)
It won't be perfect since a lot of viruses don't care about subnets, but the next best thing if you can't swing a 2nd connection.