One IP - two separate LANs for security?

rmd3003

I need to create complete isolation between two LANs on home network. Now, how secure this approach is? Let's say if network one is compromised, can malware spread to second one?
LAN1 and LAN2 are on different subnets.

[attached image: two_private_lans.gif]
 
Sorry, misread the question...think I was reading a different thread altogether lol - sorry.

Yeah, that would work fine. You don't need 3 routers though, just 2, and set the second to its own IP range with the D/G of the main router.
 
Exactly as said above. You could easily get away with two routers though, especially when you consider the cable modem is its own little router. Kind of overkill the way it's set up; given I'm sure they're just plain-jane consumer routers, you won't get much benefit. The routers will block broadcasts from the different networks altogether, and being on different networks should mitigate most threats. Doubt you'll ever see anything complex enough that it would prove otherwise.
 
Use an old computer and set up a smoothwall box with 3 NICs in it: red/green/purple interfaces. Red goes to the modem; green and purple will be your separate LANs that can't see each other unless you create special rules for them to do so.
 
You can do that setup but with two outside IPs. You should be able to just pull a second one from your ISP. Maybe ask them about that to make sure it's ok.

Another option is to set up pfSense, smoothwall or another OS of choice as suggested and have a single WAN and two LANs. You can then set up rules for what can and cannot access one LAN or the other. I have this setup on my pfSense box and it's nice. The wireless is on the "public" and everything else is on the private, but there are a few ports I allow through, such as my climate control server. If I'm working on someone's PC, I also put them on the public in case they have a virus.

Now that I have a switch that does VLANs, I will probably refine this further in the future.
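The single-WAN, two-LAN policy described in the post above, written out as an added Python model of how a first-match firewall ruleset evaluates it (this is an illustration, not code from the thread or from pfSense). The subnets, the climate-control server's address 192.168.1.10 and its port 8443 are assumptions; the point it shows is that the two subnets only stay isolated because every inter-LAN flow except the one published service hits an explicit deny, while replies to allowed flows pass through the state table.

```python
# Model of the two-LAN firewall policy (added example; addresses and port are assumed).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("192.168.1.0/24")        # LAN1: wired, trusted hosts
PUBLIC = ip_network("192.168.2.0/24")         # LAN2: wireless and borrowed PCs
CLIMATE_SERVER = ip_address("192.168.1.10")   # assumed: the one host published to LAN2
CLIMATE_PORT = 8443                           # assumed
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone(ip: str) -> str:
    """Map an address to the interface it belongs to."""
    addr = ip_address(ip)
    if addr in PRIVATE:
        return "private"
    if addr in PUBLIC:
        return "public"
    if any(addr in n for n in RFC1918):
        return "other-rfc1918"   # e.g. the cable modem's own network
    return "wan"


def evaluate(flow: Flow, conntrack: set) -> tuple[bool, str]:
    """First-match evaluation, read top to bottom like a pf ruleset.

    `conntrack` stands in for the state table: (src, dst, dport) of flows allowed
    earlier, so the reply direction passes without a rule of its own (simplified:
    replies are keyed on the original destination port)."""
    if (flow.dst, flow.src, flow.dport) in conntrack:
        return True, "established"
    sz, dz = zone(flow.src), zone(flow.dst)
    # The one published service: this host, this port, TCP only, from LAN2 only.
    if (sz, dz) == ("public", "private") and ip_address(flow.dst) == CLIMATE_SERVER \
            and flow.dport == CLIMATE_PORT and flow.proto == "tcp":
        conntrack.add((flow.src, flow.dst, flow.dport))
        return True, "climate-control exception"
    # Everything else between the two LANs is dropped, in both directions.
    if {sz, dz} == {"public", "private"}:
        return False, "inter-LAN default deny"
    # Both LANs may initiate to the Internet; unsolicited inbound from WAN falls through.
    if sz in ("private", "public") and dz == "wan":
        conntrack.add((flow.src, flow.dst, flow.dport))
        return True, "outbound to Internet"
    return False, "default deny"
```

Without the explicit inter-LAN deny, two subnets on one router would simply route to each other, which is why the separate address ranges alone are not the security boundary.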
 
Just buy a real prosumer router like a MikroTik for $70.00 and it can do all the stuff you want.
 
I'd use pfSense with VLANs, only one NIC necessary and no Rainbow-Brite/My Little Pony interface nomenclature.
Your switch will need to support 802.1Q Trunks, but you wanted a cool new switch anyways, right?
 
1 low end real router
2 switches (can be typical consumer pos type) or 1 real switch
2 AP
Profit
 