Wireless/Wired Router Solutions for 2 Networks?

DaveTheBrave asks: "I'm currently running a home based business on an el cheapo Netgear wireless router off a broadband cable modem connection. I'm looking to upgrade to something better with more flexibility. My in-laws recently sold their home and will be moving into my home temporarily while they are building another. They have a home based business and my mother-in-law is also notorious for attracting viruses, adware and other nasty stuff on her PC (which I have to routinely clean - hence my need for a better network solution). What is the best/easiest solution to segment and keep separate my network from theirs (both wired and wireless) off of one incoming cable modem? I'm looking for something around or less than $500."

Get another Cable Modem

[buttfuckinpimpnugget]

Depending on how long it takes for the in-laws new home to be built perhaps just getting a second cable modem would be the solution. Where I live a years worth of broadband would be about $450.

The "simple" solution

[Jhon]

would be to hook up two more routers to the current router -- pointing the two NEW routers to the OLD router as their WAN "gateway". Then on the LAN side of the two NEW routers, make each a separate network segment (i.e., 10.0.0.0/24 and 10.0.1.0/24 or something).

Wireless-wired routers are pretty cheap. You should be able to do it for under $200. Not "elegent", but do-able.

maybe something "easier" than OpenBSD

[da5idnetlimit.com]

I was thinking along the same lines, but using a dedicated distro like http://www.clarckconnect.com/

One cable modem, two subnets, no routing between them...

Clarkconnect comes free, with a range of possible upgrades like auto snort updates, security checking, and auto updates for the registered version.

Advantages : webpages configuration with quite a good help and easy set-up...

You can implement Mailscanner+SpamAssassin on the cheap.

The "intrusion prevention" updates part comes with a (small) price, and alltogether, the licence for a home office is around 200$...

Also, setting up is "secure by default" (you want a port opened, you do it...) and you are up and running after maybe 10-15 minutes config...

enjoy 8)

Re:maybe something "easier" than OpenBSD

[da5idnetlimit.com]

Well, I gave this distro as example for a few reasons, such as :

1/ I'm using it right now

2/ It support wireless cards, SMP, e1000 Intel Gigabit Ethernet, etc with no or little fuss, just browse the website for a list of compatible, tested and supported hardware

3/ I know it is a well made interface, with good autodiscovery, and clear help (not always inline, but always well made)

4/ IPTABLES ? everything is closed by default, and you have a nice, clear and easy interface to open just the ports you want and do the routing as you prefer

5/ you also have the man pages, in addition to the included help and descriptions, and a newbies website, and community support, and each and every module also connects you to the full website and doc for each and every part of the OS you are configuring

6/ Even if you are both dense and not fully fluent in english you can install it and still be secure, and even get excellent paid for support if the official - free - help forum isn't up to par with your expectation

7/ Also, OpenBSD was already mentioned, and this excellent distro wasn't

8/ I never said OpenBSD was difficult, or too hard, I just told him to go and have a look at this distro, because you don't have to fiddle endlessy to find an HOWTO on this, and a WHYNOT on that. Efficient, Secure, under 500$. You get all three. Which is what he asked for.

9/ /flame This distro doesn't seem to attract the sort of Holy Warmongers conflictual dorks that you seem to have taken unto you to represent/endflame

10/ Profit ! from the experience of others... Because it is provided for free and in good faith.

Hoping to read from you, or even better, from him after he implemented the solution he found best responding his needs 8p

Da5id

Re:The way I do it: Linksys WRT54GS

[tdemark]

Yes and no.

From what I understand, the most recent revision of the WRT54G (v5) is now based on vxworks. However, you can buy the WRT54GL, which is effectively the WRT54G v4.

- Tony

(I) Like a bridge over doubled routers

[davidwr]

(I) Like a bridge over doubled routers
it will carry me (bits) home.

Seriously, here's what I would do:

Cable feeds switch.
Switch feeds two NAT/firewall routers, one for your network and one for the family.

To mitigate viruses, configure the family router to block all incoming ports and all outgoing ports except the ones they absolutely need, e.g. http, https, and maybe passive-ftp. LEAVE OUTGOING MAIL-POP3 and -SMTP BLOCKED and teach them to use webmail.

Configure your NAT router as you see fit.

Some cable modems come with more than one LAN-side port and can act as a switch or hub if they sense they have more than one IP address assigned.

Most cable operators will sell you a 5-pack of IP addresses for so-many-dollars-a-month.

If the IP addresses are too expensive, do as another person suggested and put a 2nd-tier NAT router above the two "LAN" routers in place of the switch. The real benefits to the switch are:
1) both LANs can host inbound traffic on the same port
2) if the other LAN gets 0wned and people block its IP, your LAN are less likely to be blacklisted.

Managed switch with VLAN

[dfinster]

For example, CNet makes a really inexpensive managed switch with VLAN support.

• Put ports 1 through 8 in VLAN 1
• Ports 9 through 16 plus port 1 in VLAN 2
• Use port 1 to uplink to your router

You have both VLANs with access to the net, but no access to each other.

I think that's what you were asking for.