Creating two networks

A

Azmandius

New Member
Joined
Oct 18, 2008
Messages
5
Reaction score
0
Hello everyone,
It’s nice to meet the community and hope to have best question-solving time here.

Now, I’d like to get straight to the subject.
I have the need for two Internet networks, a chilling café network and an office network.
The Internet is starting in the office via a DSL modem, configured like a router, to share Internet connection with other office computers through a simple switch.
Due to database requirements office computers must be, and are on static IPs.
In the café I would like to share same Internet connection, but via a wireless router, and I have attached that wireless router to the switch in the office.
My question is: how should I configure the wireless router in café properly, so the visitors will be able to connect to Internet automatically, via dynamic IPs?
I don’t think is normal for them in order to connect to Internet to configure their network cards manually, all the time when they visit my cool café.
Also is it possible to hide somehow local network computers IPs from bad hackers in the café.

DSL Modem is: D-Link 2500U
Wireless Router is: DI-624S - Wireless 108G USB Storage Router (http://support.dlink.com/products/view.asp?productid=DI-624S)

Some help is really and deeply appreciated.
Thank you very much.
 
1. IP addressing
Put the IP addressing for the whole network on DHCP, but assign static IPs to the necessary computers via their MAC addressing. It should have that option. Any other computer will simply take the next available address given to it by the DHCP server (the router).
2. Hiding network
I'm not sure if your router has this option, but some routers have the option to create multiple virtual LANs on the router and to separate them from one another. This is the easiest way to do so. Other than that you could simply disable outgoing Pings or portscans on the network.
 
Ok just read your manual.

What you need to do is set you office lan static.

Create a DHCP pool, seperate to you office lan but on the same subnet etc,etc

Goto IP Filtering and on the DHCP range filter all traffic except 80,443,110,25,995,465. This is internet and email and secure pages like Banking and Gmail if set to HTTPS.

Then goto Firewall, block your DHCP range from contacting or reaching your static IP range. Example would be: SOURCE IP (dhcp ip) and DESTINATION (office IP) and ANY protocol = DROP. If that helps you understand

That should be it.
 
Last edited:
Azmandius said:
Hello everyone,
It’s nice to meet the community and hope to have best question-solving time here.

Now, I’d like to get straight to the subject.
I have the need for two Internet networks, a chilling café network and an office network.
The Internet is starting in the office via a DSL modem, configured like a router, to share Internet connection with other office computers through a simple switch.
Due to database requirements office computers must be, and are on static IPs.
In the café I would like to share same Internet connection, but via a wireless router, and I have attached that wireless router to the switch in the office.
My question is: how should I configure the wireless router in café properly, so the visitors will be able to connect to Internet automatically, via dynamic IPs?
I don’t think is normal for them in order to connect to Internet to configure their network cards manually, all the time when they visit my cool café.
Also is it possible to hide somehow local network computers IPs from bad hackers in the café.

DSL Modem is: D-Link 2500U
Wireless Router is: DI-624S - Wireless 108G USB Storage Router (http://support.dlink.com/products/view.asp?productid=DI-624S)

Some help is really and deeply appreciated.
Thank you very much.
Click to expand...

All these suggestions are quite nifty but there is a far nicer solution available :D

Get a wireless router with a Wan port ( RJ45 )

Run this Wan port cable to your Network Switch/Hub/ADSL Modem-router

Configure the Wan router to use the type of internet connection: Static Cable
Set the static IP to an IP in the range of your office,gateway to the ADSL router

Set the Wan router to assign IP's dynamically in a wholly different IP range


And thats about it

Your wireless network will be using the office internet connection but the two networks are entirely seperated and inaccessible to one another
 
PsyWulf said:
All these suggestions are quite nifty but there is a far nicer solution available :D

Get a wireless router with a Wan port ( RJ45 )

Run this Wan port cable to your Network Switch/Hub/ADSL Modem-router

Configure the Wan router to use the type of internet connection: Static Cable
Set the static IP to an IP in the range of your office,gateway to the ADSL router

Set the Wan router to assign IP's dynamically in a wholly different IP range


And thats about it

Your wireless network will be using the office internet connection but the two networks are entirely seperated and inaccessible to one another
Click to expand...

1. He needs the setup to work with his current hardware.

2. In your example. He could setup the WAN of the wireless router to DHCP for example, Office clients wont be able to see Cafe clients (NAT) but they will be able to see office. Because they on the same subnet. I could be wrong but im sure cafe client thru NAT will be able to see office client on 1st router if they do a share scan for example.

Not only that but you also want filtering. Most cafes dont do this. Because you also want to isolate each user from the next cafe user. He could be running Wireshark and sniffing for passwords or anything else valuable. Also because wireless clients are on their own network you dont want 1 laptop infected with a worm jumping to all the other clients notebooks. Then the clients turn around and say, " After I plugged my notebook into your network it broke" etc,etc
 
Last edited:
Peon said:
1. He needs the setup to work with his current hardware.

2. In your example. He could setup the WAN of the wireless router to DHCP for example, Office clients wont be able to see Cafe clients (NAT) but they will be able to see office. Because they on the same subnet. I could be wrong but im sure cafe client thru NAT will be able to see office client on 1st router if they do a share scan for example.

Not only that but you also want filtering. Most cafes dont do this. Because you also want to isolate each user from the next cafe user. He could be running Wireshark and sniffing for passwords or anything else valuable. Also because wireless clients are on their own network you dont want 1 laptop infected with a worm jumping to all the other clients notebooks. Then the clients turn around and say, " After I plugged my notebook into your network it broke" etc,etc
Click to expand...

1. As i said I cannot access info on the current hardware so the assumption is a best-case

2. Incorrect,Wireless clients would not be able to see the office and vice versa. The Wan router is a bridging gateway to the internet,not the office network and as they can configure entirely independant settings for the wireless network they do not necessarily share subnets
 
So after all the thinking i have decided before buying anything to do the minimum security setup with the hardware i have just to make sure i will be able to make it work.
If everything will go smooth i will go ahead and get something better for more security.
Here its the hardware i have now, and i would like to get something of it:
net.jpg

What would be the best connection architecture with it in order to give out free internet for dynamic IP but stop users from simple access of office computers? (office computers are on static IPs)
Thank you very much.
 
After checking up on the d-link at home ->
The available hardware is prime for the setup i discribed and the office and café pc's won't be able to access eachother

WAN port from the wireless router into your switch,set the router to use Cable Static IP as its internet connection and see previous post regarding the rest :)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X