Secondary internal network

Instead of messing about with subnets etc, is it easier to set up a secondary internal network with another router on secondary network cards?

IE:

Internet-router-switch-computer (network 1 for net access only)

Router-NAS/computers (network 2)

All machines have two network cards.

This ensures all internal data/NAS etc is not accessible via the internet connection and the Internet connection is solely for Internet.
 
This is related to using a router on a secondary network instead of a switch to avoid all the settings and troubles etc.

Presumably if you still get around some of the problems using a router, the issue of getting the machines to use certain network connections and settings for certain tasks is more difficult.

In all it seems the most secure way is to forgo it all and never send internal data over a network/Internet gateway attached network.
 
I'm not sure what the second router is for if that subnet has no access to another subnet? If you want certain devices to be blocked to/from certain other devices then I'd suggest a smart (or managed) switch and enable port-based VLANs. The beauty of this is that all devices can stay on the same subnet and the internet-connected PCs can optionally still talk to the non-internet devices if you wish. The non-internet devices would not be able to directly communicate with the gateway i.e. they'd behave as if they were on a totally separate physical network. e.g.
P1 (router) ----- P2 (internet PC) = ALLOWED
P2 (internet PC) ----- P3 (NAS) = ALLOWED
P1 (router) ----- P3 (NAS) = NOT ALLOWED (note that IP settings, broadcasts, viruses etc cannot bypass this)

Although, having read some of your other posts, I'm not sure you'd consider a modern switch with a browser-based management interface for config to be secure enough :rolleyes:. I'm sure the auction site will have some older units that use a CLI for config via a 9-pin serial console cable that would have to be physically connected to one of your local PCs. If you ask nicely you might even get some free tinfoil to make a hat :p
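
The port-group layout described in the reply above, as an added example that is not part of the original post: a small Python check that derives the allowed/blocked matrix from port-group membership and verifies the intended isolation. It assumes "port-based VLAN" means two ports can exchange frames only if they share a group; the group names and helper functions are hypothetical.

```python
from itertools import combinations

# Constructed port-group table mirroring the P1/P2/P3 example in the reply.
# Assumption: each switch port belongs to one or more groups, and two ports
# may exchange frames only if they share at least one group.
PORT_LABELS = {"P1": "router", "P2": "internet PC", "P3": "NAS"}
VLAN_GROUPS = {
    "internet": {"P1", "P2"},
    "internal": {"P2", "P3"},
}


def can_talk(a, b, groups=VLAN_GROUPS):
    """True if ports a and b share at least one port group."""
    return any(a in members and b in members for members in groups.values())


def allowed_matrix(groups=VLAN_GROUPS):
    """Map every unordered port pair to True (allowed) or False (blocked)."""
    ports = sorted(set().union(*groups.values()))
    return {(a, b): can_talk(a, b, groups) for a, b in combinations(ports, 2)}


def violations(must_isolate, groups=VLAN_GROUPS):
    """Return the pairs from must_isolate that the switch would still forward."""
    return [pair for pair in must_isolate if can_talk(*pair, groups=groups)]


def shared_ports(groups=VLAN_GROUPS):
    """Ports that sit in more than one group (reachable from both sides)."""
    ports = set().union(*groups.values())
    return sorted(p for p in ports if sum(p in m for m in groups.values()) > 1)


if __name__ == "__main__":
    for (a, b), ok in allowed_matrix().items():
        print(f"{a} ({PORT_LABELS[a]}) ----- {b} ({PORT_LABELS[b]}) = "
              f"{'ALLOWED' if ok else 'NOT ALLOWED'}")
    print("isolation violations:", violations([("P1", "P3")]))
    print("ports in both groups:", shared_ports())
```

Ports reported by `shared_ports` are reachable from both groups, so the configuration of the hosts on them deserves the closest review.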
 