split/isolate network

[rikona]

Hello NoOp,

Sunday, November 21, 2010, 8:35:12 PM, NoOp wrote:

N> On 11/21/2010 06:38 PM, rikona wrote:
N> ...
>> Netgear FVS318 - 8 ports, wired. Old, but still running... :-)
>> 

N> You probably missed this:
N> http://kb.netgear.com/app/products/model/a_id/2422
N> http://kb.netgear.com/app/answers/detail/a_id/2104

Actually, I didn't. The first [KB] didn't seem to have info helpful to
the 'bi-directional isolation' problem, but did talk about
non-isolated 'operation'. The second is the manual, which I have, and
is also not helpful re isolation.

But - additional snooping on the netgear site showed an example of
using a non-routable address on the WAN side of the router. When I
last did a redo of my net a few years ago, for some now-forgotten
reason I though that was not possible. Perhaps when I tried it there
was some combo of settings so that the router would not take it. To
check it again, I borrowed a router, cleared it, and it did take a
192... address, so my assumption from long ago was wrong.

Given I can do that, perhaps a good solution would be to use 2 routers
behind the Netgear, with single fixed IPs. This configuration is
similar to what I did with 2 IP addresses, and, assuming I can set the
right parameters in 'home' routers, would seem to provide isolation in
both directions. If it would not, please let me know.

N> That said, I see no reason why an added router connectd to the FVS318
N> could not be configured to issue DHCP addresses on an alternate subnet
N> (for example 192.168.2.x) and use the FVS318 as the default gateway
N> router connected to the Comcast cable modem.

That would give the DHCP side 'operation', but it is not clear to me
how this provides total isolation, in both directions, between both
'sides' of the split LAN - but there's a good possibility that I don't
understand it properly.

Thanks much for the help...

-- 

 rikona