split/isolate network

rikona rikona at sonic.net
Sun Nov 21 19:58:39 UTC 2010


Hello NoOp,

Saturday, November 20, 2010, 8:45:32 PM, NoOp wrote:

N> On 11/20/2010 08:34 PM, NoOp wrote:
>> On 11/20/2010 06:10 PM, rikona wrote:
>> ...
>>> 
>>> I'm concerned about the "could not speak to 192.168.1.129 without a
>>> router" above, though. Does this mean that they COULD communicate if I
>>> have a router ahead of the splitter box? I was considering:
>>> 
>>>  cable modem -> router/firewall -> linux box -> 2 isolated net
>>>  connections
>>> 
>>> If so, does that mean that I would have to prohibit, in the splitter
>>> box, *incoming* from the 'other half' IP addresses, to get around this
>>> problem? Does the router, in general, essentially undo what I'm trying
>>> to do in the splitter box if I ONLY do just splitting?
>> 
>> I'm a little confused on exactly what/why you are trying to
>> accomplish. Both subnets will need to share a common gateway with
>> only one internet connection. So why not just add another router to
>> 'router/firewall' and have it issue DHCP on a separate subnet?
>> 
>> cable modem -> router/firewall1 -> subnet1 (fixed IP wired)
>>                      |
>>                router/firewall2 -> subnet2 (DHCP wireless)
>> 
>> If the routers are configured properly, subnet2 will never see
>> subnet1 unless you allow it in the routers' firewall rules. This is
>> how I separate my 'guest' wireless from my wired machines. Wired is
>> on a highly configurable Cisco router, Wireless is on standard
>> Netgear wireless router/firewall2 -> subnet2.

N> Sorry, forgot to add that a good router/firewall1 should be able to
N> accomplish the above. However I've not (yet) found a wireless
N> router with a good enough firewall interface to allow me to inspect
N> packets, logs, etc., in the same manner as my wired
N> router/firewall, so I just connect the wireless to the wired & use
N> the wired as the controlling router & gateway.

Do you have multiple IP addresses from your ISP?

If not, does that mean that the 'net' side of the wireless is set to
use 192.168...? IIRC, and I may not, that is not allowed on the 'net'
side of a 'home' router.

Or, does your Cisco have a DMZ for the wireless?

If the wireless uses 192.168... how are the two sides isolated? Is
this also done by the Cisco?

Thanks for the reply, but it did trigger more questions. :-)

-- 

 rikona        
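
Added example, not part of the original message or thread: one way to write the "prohibit traffic from the other half" idea discussed above as an iptables-restore ruleset for the Linux splitter box. The interface names (eth0 upstream, eth1 and eth2 for the halves) and the two /25 subnets are assumptions; the thread only mentions 192.168.1.129 and an "other half".

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the Linux "splitter" box.
# Assumed, not from the thread: which interface faces the upstream
# router/firewall, and which subnet sits behind each internal interface.

splitter_rules() {
    wan=$1; if_a=$2; net_a=$3; if_b=$4; net_b=$5
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The two halves are directly attached, so the box itself would route
# between them; drop that traffic in both directions.
-A FORWARD -i $if_a -o $if_b -j DROP
-A FORWARD -i $if_b -o $if_a -j DROP
# Each internal interface may only source addresses from its own subnet.
-A FORWARD -i $if_a ! -s $net_a -j DROP
-A FORWARD -i $if_b ! -s $net_b -j DROP
# Each half may open connections toward the upstream router.
-A FORWARD -i $if_a -o $wan -j ACCEPT
-A FORWARD -i $if_b -o $wan -j ACCEPT
# From upstream only replies are forwarded; new connections arriving
# from that side fall through to the DROP policy.
-A FORWARD -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: 192.168.1.0/24 split into two /25 halves.
splitter_rules eth0 eth1 192.168.1.0/25 eth2 192.168.1.128/25
```

The output can be checked with `iptables-restore --test` before loading it as root. These rules cover forwarded traffic only; the INPUT chain is left open, so either half can still reach the splitter box itself.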