split/isolate network

[rikona]

Hello NoOp,

Saturday, November 20, 2010, 8:34:15 PM, NoOp wrote:

N> On 11/20/2010 06:10 PM, rikona wrote:
N> ...
>> 
>> I'm concerned about the "could not speak to 192.168.1.129 without a
>> router" above, though. Does this mean that they COULD communicate if I
>> have a router ahead of the splitter box? I was considering:
>> 
>>  cable modem -> router/firewall -> linux box -> 2 isolated net
>>  connections
>> 
>> If so, does that mean that I would have to prohibit, in the splitter
>> box, *incoming* from the 'other half' IP addresses, to get around this
>> problem? Does the router, in general, essentially undo what I'm trying
>> to do in the splitter box if I ONLY do just splitting?

N> I'm a little confused on exactly what/why you are trying to accomplish.

I'm trying to do essentially what you describe below.

N> Both subnets will need to share a common gateway with only one
N> internet connection. So why not just add another router to
N> 'router/firewall' and have it issue DHCP on a separate subnet?

cable modem ->> router/firewall1 -> subnet1 (fixed IP wired)
N>                      |
N>                router/firewall2 -> subnet2 (DHCP wireless)

N> If the routers are configured properly, subnet2 will never see
N> subnet1 unless you allow it in the routers firewall rules. This is
N> how I separate my 'guest' wireless from my wired machines. Wired is
N> on a highly configurable Cisco router, Wireless is on standard
N> Netgear wireless router/firewall2 -> subnet2.

This is what I used to do when I had multiple fixed IP addresses. Each
router had its own fixed IP address, and behaved just as you
described. . My current [and only broadband monopoly - Comcast] ISP
has dynamic IPs and ONLY ONE AT A TIME. If I want what I had before I
would have to get a 'business class' account for a LOT more money.

So, what I want to do is have isolation using only one IP address.


-- 

 rikona