Connecting wireless + wired routers together

I have a 4 port wired linksys rounter hooked up to my cable modem and other computers in my home. I also have a 4 port wireless network everywhere router that I connected to the linksys via the "uplink" port on the wireless router to one of the normal ports on the wired router. The wireless connection works well. However from the wireless router, any computer connected to it, can see all the computers on my wired network. This is probably the intended functioning of the uplink port, but not exactly what I want, since anyone in range of the wireless router can gain access to my whole network.

Is there a way to "hide" the wired network from the wireless router? I was thinking of connecting the WLAN port of the wireless router to a normal port on the wired router. Since the wired router is set as a DHCP server anyways, I'm guessing it will assign the wired router an ip and all. Then treat the wireless router as if it was connected directly to the modem. Will this work? if so, will it hide the wired network from wireless connections?

Thanks

Reply to
Steven Wong
Loading thread data ...

So, you disable the DHCP server on the wireless router? There should be only one DHCP server and it's active on the wire router. If you set the Device IP of the second router to a static IP of the gateway router, then the machines connected to the wireless router will get their IP from the gateway router or you can set a static IP for machine connect to the wireless router and that static IP will be a static IP you have selected on the gateway router.

In the area of the Device IP and Subnet Mask for the second router, if you change the Subnet Mask to be a different number on the second router to not match the Subnet Mask of the gateway router, then the two networks will be segregated and the machines will not be able to access each other across devices. The machines on the second router will be able to access the Internet through the gateway router if the Device IP of the second router is set to a static IP of the gateway router. You'll have to play with that Subnet masks thing and see how it works for you, as I was not concerned about segregating the two networks.

When you disable the DHCP Server on a router, you have turned it into a

*switch* and it is no longer a router. So what you have for the wireless router is a wire/wireless AP *switch* device and you can connect wired and use a wireless connections with the device.

formatting link
The links should help you and the second link is the method I used to connect my BEFW11S4 router to my WatchGuard FW appliance.

formatting link
Duane :)

Reply to
Duane Arnold

You say "WLAN". Is that what it is labeled? I would expect that one to be WAN. Wireless Local Area Network or Wide Area Network.

The IP address that the wireless router gets from the wired router is unimportant. You are concerned with the IP addresses that the wireless clients get. If you have the wireless uplink connected to the wired LAN, you are acting as a switch, probably. If your wireless is providing DHCP, the wired router will act as a gateway between the two subnets. If the wireless is not acting as DHCP, then wired and wireless appear to be the same network.

1- If you connect the WAN port of the wireless to a LAN port on the wired, your wireless access to the internet would be "double-NAT", if both the wireless router and wired router are doing NAT. This shouldn't present a problem for surfing or internet email, and would prevent the wired clients from accessing the wired clients. But that's the reverse of what you want, since the wireless would still be able to get to the wired clients. 2- You could connect the WAN of the wireless router to the modem, and the WAN of the wired router to a LAN port on the wireless, assuming that it has wired ports. This would make your wired clients double-NAT to the internet, but protected from the wireless clients. Both routers would be set to give DHCP in different subnets. 3- Or leave the connections as they are. Set the wireless to give DHCP IP addresses on a different subnet from the wired DHCP. Set the "site blocking" in each router to block access to the other router's subnet.

Some exact model numbers (Linksys has lots of variations within models) of both routers would be needed for any specific advice.

Some combination of the above should work for you. Are you looking for a way to allow public access to the wireless, but protect your local network? Would you ever want to share from wireless to wired, or is this all just net surfing?

I've blocked everything from everything at my house. If I want to move stuff from one system to another, I use a USB flash drive. Back to the eighties in terms of "sneaker net" moving data by foot, but I don't worry about which firewall to open, and trying to keep my laptop less secure at home while still more secure on the road. I'd rather be secure. Usually when I want to share something, the other computer is off, anyway.

Reply to
dold

Using the uplink port, yes only one router is acting as a DHCP server. However, using the "connect one WAN port to the others LAN port" idea, I can have both routers as DHCP servers for simplicity.

I think I can avoid this by using both routers as DHCP servers as described above?

Thanks for the info

Reply to
Steven Wong

Actually its labeled "internet" on the router =), but yes I meant the WAN port.

Thats exactly what I wanted to know. If wireless clients can still access the wired ones, it defeats the purpose.

This sounds like what I want to do. By doing this will I break any applications running on the wired clients b/c of the double-NAT? (MSN, ICQ, P2P apps, ftp and ssh clients, etc) I'm guessing not, since its just one more translation.

I don't think either of my routers can block specific ip ranges. The linksys is a BEFSR41 firmware v 1.42.7. The other is a Network Everywhere NRW04B.

I don't want to open up wireless access to the public, I just want to make the whole setup secure as possible from the wired clients point of view, because I do taxes/banking and stuff like that online from the wired clients. The wireless router is already using WEP, (WPA not supported) but I don't have much faith in it.

The wireless clients will basically just be my family member's laptops, connected for surfing, email, and MSN.

Thanks for the info!

Reply to
Steven Wong

Actually its labeled "internet" on the router =), but yes I meant the WAN port.

Thats exactly what I wanted to know. If wireless clients can still access the wired ones, it defeats the purpose.

This sounds like what I want to do. By doing this will I break any applications running on the wired clients b/c of the double-NAT? (MSN, ICQ, P2P apps, ftp and ssh clients, etc) I'm guessing not, since its just one more translation.

I don't think either of my routers can block specific ip ranges. The linksys is a BEFSR41 firmware v 1.42.7. The other is a Network Everywhere NRW04B.

I don't want to open up wireless access to the public, I just want to make the whole setup secure as possible from the wired clients point of view, because I do taxes/banking and stuff like that online from the wired clients. The wireless router is already using WEP, (WPA not supported) but I don't have much faith in it.

The wireless clients will basically just be my family member's laptops, connected for surfing, email, and MSN.

Thanks for the info!

Reply to
Steven Wong

gndm snipped-for-privacy@yahoo.com (Steven Wong) wrote in news: snipped-for-privacy@posting.google.com:

Yes I did that too but when it came to logging and viewing the logs on the WG with the Linksys router connected that way, I could not see the traffic to and from the Linksys router in the WG logs, as I recall. So I went LAN Port to LAN port on the setup so that I could see it all in one log.

Duane :)

Reply to
Duane Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.