Best way to isolate part of my home LAN on DSL connection

I have a Qwest DSL connection with an Actiontec (701 I think) router. In my network there are a few servers (VMS, LINUX, Win 2003) and a few XP Pro PC's. All were originally connected through a switch to the Actiontec. I have the wireless service disabled. My problem is that I now have roommates with PC's, one of them being pretty much computer-illiterate, and I don't want to expose my machines to whatever they might pick up on the internet. I have a Linksys BEFR81 8 port router that I bought in order to isolate my portion of the network. So far, getting out to the net works great on any of my machines. However, I am now having trouble getting back to them from outside on the net. (I frequently telnet in from work.)

My question is mainly a configuration one-- what would be the best way to configure the Actiontec and the Linksys?

Here's a little background:

When I had the Actiontec only, I had all my machines set up with static IP's and used port forwarding to allow access to HTTP, HTTPS, FTP, telnet and P2P on a couple of different machines. The roommates are using DHCP. The address range was the default: 192.168.0.x.

When I first added the Linksys router, I put all my machines on the Linksys with static IP's (in order to use the port forwarding). The Linksys address range is also its default: 192.168.1.x. I gave the Linksys WAN address a static IP: 192.168.0.2. I then added all the port forwarding settings that were in the Actiontec to the Linksys (with the new addresses, of course). I then changed all the port forwarding settings on the Actiontec to forward to the Linksys 192.168.0.2.

From home, everything appeared to work fine. I can get out to the net from any machine and from my PC I can get to the Linksys management page as well as the Actiontec management page. The only thing that's not working is access from the outside.

One thing I am curious about is the DMZ feature. Should I have set up the Linksys IP (192.168.0.2) as a DMZ address in the Actiontec?

Based on what I am trying to accomplish, is this the best way to do it?

Any suggestions would be appreciated.

Thanks. Bill

Reply to
mcbill20

Let me see if I understand your setup:

    internet
       |
    actiontec
       |
       +---- 192.168.0.x DHCP + static (roommates)
       |
    192.168.0.2
    linksys
       |
    192.168.1.x static
       |
      you

You are double NATed to the internet? I would think that you also need to be double DMZed to be exposed to the internet. I am not familiar with Actiontec but I do have a Linksys router. I had trouble making port forwarding work and had to set up a machine as DMZ host. My sense of the first question is yes, set up DMZ.

For your second question, yeah, this makes sense to me. I think you have it right.

Reply to
Dennis Reinhardt

On 21 Oct 2005 14:02:35 -0700, snipped-for-privacy@yahoo.com wrote Re Best way to isolate part of my home LAN on DSL connection:

This is at home right? Just curious, what are you running the VMS on? A microVAX?

Reply to
Vic Dura

Yes, this is at home. I am running VMS on an alpha PWS500. I used to have a MicroVax 3100 but have been running on alpha's since 1998.

FYI, the problem is fixed now. For some reason, the Linksys router didn't save the forwarded ports the first time. When I checked the list it was blank. I re-entered the list of forwarded ports and it worked fine. The only downside is what quite a few people have mentioned about this particular router-- it only allows a maximum of ten ports/ranges to forward. I guess it's not a huge issue, as the Actiontec has more than that so nothing outside those ranges will be getting through from the outside. And pointing large ranges at the VMS machine isn't going to hurt anything since VMS is so secure. The VMS box is the only one I've ever trusted enough to have it exposed directly to the net when I didn't have a firewall in the early DSL days.

Bill

Reply to
mcbill20
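
Added example, not written by any poster in this thread: a small Python model of the two-router forwarding chain discussed above. It shows why a blank Linksys table stops outside access and that a port forwarded on the Linksys is also reachable from the 192.168.0.x segment. The 192.168.1.10-12 hosts and both port tables are constructed; 192.168.0.2 and the ten-entry limit come from the thread.

```python
# Constructed model of the double-NAT layout in this thread; not router firmware.
LINKSYS_WAN = "192.168.0.2"   # Linksys WAN address given in the thread
MAX_INNER_RULES = 10          # forwarding-entry limit reported for this Linksys

def lookup(rules, dmz_host, port):
    """Inside host a router sends an inbound port to, or None if it is dropped."""
    for (low, high), host in rules.items():
        if low <= port <= high:
            return host
    return dmz_host  # a DMZ host receives everything not explicitly forwarded

def trace(port, outer, inner, outer_dmz=None, inner_dmz=None, origin="internet"):
    """Follow one inbound port through both routers; return (host, reason)."""
    if origin == "internet":
        hop = lookup(outer, outer_dmz, port)
        if hop is None:
            return None, "dropped at Actiontec"
        if hop != LINKSYS_WAN:
            return hop, "delivered on 192.168.0.x"
    # Traffic from the roommate segment (origin="roommate") hits the Linksys WAN directly.
    host = lookup(inner, inner_dmz, port)
    if host is None:
        return None, "dropped at Linksys"
    return host, "delivered on 192.168.1.x"

def audit(outer, inner, inner_dmz=None):
    """List mismatches between the two forwarding tables."""
    problems = []
    if len(inner) > MAX_INNER_RULES:
        problems.append(f"Linksys table has {len(inner)} entries, limit is {MAX_INNER_RULES}")
    for (low, high), host in outer.items():
        if host == LINKSYS_WAN:
            dead = [p for p in range(low, high + 1) if lookup(inner, inner_dmz, p) is None]
            if dead:
                problems.append(f"{low}-{high}: {len(dead)} port(s) stop at the Linksys")
    return problems

# Constructed sample tables: (low, high) port range -> inside host.
OUTER = {(21, 23): LINKSYS_WAN, (80, 80): LINKSYS_WAN, (443, 443): LINKSYS_WAN}
INNER = {(21, 21): "192.168.1.10", (23, 23): "192.168.1.11",
         (80, 80): "192.168.1.12", (443, 443): "192.168.1.12"}

if __name__ == "__main__":
    print(audit(OUTER, {}))                            # blank Linksys table, as in the thread
    print(audit(OUTER, INNER))                         # port 22 still stops at the Linksys
    print(trace(23, OUTER, INNER))                     # telnet from outside
    print(trace(23, OUTER, INNER, origin="roommate"))  # same forward, seen from 192.168.0.x
```

Setting `inner_dmz` in place of individual entries works around the ten-entry limit in this model, but it also makes every port on that host reachable from the roommate segment.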
