Introduction

There are times when having two separate networks - both sharing the same Internet connection - can come in handy. For example, I recently helped a community center with its network setup. They needed to provide Internet connection to tenants who were renting space, in addition to their own shared Internet. They also shared a number of folders on the network, but weren't too careful about password protecting the shares.

Rather than trying to (unsuccessfully) enforce good file-sharing practices among users who didn't really have the inclination to learn them, I took a more pragmatic approach and separated the tenant and community center computers into their own private LANs.

Separate LANs can also keep your computer(s) safe from worm and malware infestation from your children's (or employees') machines. Let's see how it's done.

The Approach

This approach is essentially an extension of the technique described in the Setting up File and Printer sharing between two routers Problem Solver and has the same effect of blocking file and printer sharing traffic entering the WAN side of each router. The difference in this setup is that we've separated clients into two groups, each behind its own firewall that blocks any data not requested by a client behind the firewall trying to come into the WAN side of its router.

File and Printer sharing doesn't work between the two groups because although data passes through the originating computer's firewall just fine, it's blocked from entering the firewall of the computer in the other group. However, all clients can freely connect to the Internet as long as they initiate the data request, even through the request has to pass through two firewalls to get there.

Tags: How To, router, security,

Related Articles: