One-way traffic on network?

(OP)
Our network has a Linksys RV042 router linking to the Internet through a DSL modem in bridged mode.  The network uses the 192.168.0.X IP range (the router is 192.168.0.1).  For security reasons, I need to have 4 of the computers not be accessible from the other computers on the network.  However, I need to be able to access the other computers on the network (including the PDC) from these four.

Can this be done by setting up another router on the network using, say, 192.168.0.X, for the four computers and using a "one-way" static route?  Or am I going to be stuck with something disgustingly complicated?

Thanks in advance for any help

RE: One-way traffic on network?

You could insert a second router and perform NAT on that router.  If you are using Dynamic NAT (the default for most routers these days) there will not be any mapping back to the protected network.  This router should get its external address from the existing router (192.168.0.x) and will translate the protected hosts to that address on your internal network.

You just need to make sure that the router protecting the 4 hosts is NOT using 192.168.0 as its backside network.  You could easily set it to 192.168.1 or any other RFC 1918 address range like 10.


pansophic
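
An added example (not part of the original posts) modelling the dynamic NAT table described in the reply above: a mapping exists only for flows the protected side opened, so unsolicited packets from the 192.168.0.x side match nothing. The host addresses, ports, and the router's external address 192.168.0.50 are constructed for illustration.

```python
# Model of a dynamic NAT (port translation) table. Only the two subnets come
# from the thread; individual host addresses and ports are constructed.
from dataclasses import dataclass, field
from itertools import count


@dataclass
class DynamicNat:
    external_ip: str  # protected router's address on the 192.168.0.x side
    _ports: count = field(default_factory=lambda: count(40000))
    _out: dict = field(default_factory=dict)   # (src, sport, dst, dport) -> ext_port
    _back: dict = field(default_factory=dict)  # (ext_port, dst, dport) -> (src, sport)

    def outbound(self, src, sport, dst, dport):
        """A protected host opens a flow: allocate (or reuse) a mapping."""
        key = (src, sport, dst, dport)
        if key not in self._out:
            ext_port = next(self._ports)
            self._out[key] = ext_port
            self._back[(ext_port, dst, dport)] = (src, sport)
        return (self.external_ip, self._out[key], dst, dport)

    def inbound(self, src, sport, dst_port):
        """A packet arrives on the external side. It is forwarded only if it
        belongs to a flow the inside started; None means it is dropped."""
        return self._back.get((dst_port, src, sport))


def demo():
    nat = DynamicNat(external_ip="192.168.0.50")
    # Protected host 192.168.1.10 connects to a server on the main LAN.
    pkt = nat.outbound("192.168.1.10", 51000, "192.168.0.2", 445)
    # The server's reply matches the mapping and is translated back.
    reply = nat.inbound("192.168.0.2", 445, pkt[1])
    # A different LAN host sends unsolicited packets to the router.
    probe_same_port = nat.inbound("192.168.0.20", 3389, pkt[1])
    probe_other_port = nat.inbound("192.168.0.20", 3389, 445)
    return pkt, reply, probe_same_port, probe_other_port
```

A port-forward or DMZ entry on the protected router is a static mapping and would reopen the inbound path that this table otherwise lacks.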

RE: One-way traffic on network?

(OP)
Thanks for the info.  I did a test today using just one computer.  It works fine for browsing the network, but when I try to hit the Internet I get a timeout error.  Is there something simple I'm missing here?

RE: One-way traffic on network?

Probably the default route on the protected network's router, or its DNS settings.  Check them and make sure that they are correct for your network (the protected network's router should have all of the same settings as the computers on your unprotected network).


pansophic

RE: One-way traffic on network?

(OP)
It's still not working - I suspect the default route (I'm fairly new to the static routing thing).  Here's what shows up in my routing table on the protected network's router:

Dest LAN IP   Subnet Mask   Def Gateway   Hop Count  Interface
192.168.0.0   255.255.255.0 192.168.0.1    15         LAN
192.168.1.0   255.255.255.0   0.0.0.0       1         LAN

Do I need to somehow set a default route in this router to the main router?  If so, how is that done?  The protected network's router is a Linksys BEFSX41.

RE: One-way traffic on network?

You should not need to set a static route on the main router IF the protected network router is doing NAT.  The routes look good, except that both networks appear on the LAN interface.  192.168.0.0 should show up on the external interface of that router.  But I think that I see the problem.  This router is a DSL router and therefore useless on the backend of your network.  You need a router that will route between two Ethernet interfaces.

                               -------            -------
                           |---| Host |       |---| Host |
                           |   -------        |   -------
                           |                  |
          -------------    |   ------------   |
Internet--| ext router |---|---| protected |--|
          -------------    |   |   router  |  |
                           |   ------------   |
                           |                  |
                           |   -------        |   -------
                           |---| Host |       |---| Host |
                               -------            -------

Like this.

The router that you are using only has a switch on its Ethernet interfaces.  It routes between the DSL interface and the switch.

If you have an old computer lying around, you could use a Linux firewall, like IPCop, and two NIC cards to act as the protected router.


pansophic
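
An added example (not from any poster) that runs a longest-prefix lookup over the two routing-table rows quoted earlier in the thread. It shows which destinations the table as posted can resolve and flags the point made above that both networks sit on the LAN interface; the destination addresses used to exercise it are constructed.

```python
# Longest-prefix-match lookup over the routing table quoted in the thread.
# The two rows are copied from the post; test destinations are constructed.
import ipaddress

TABLE = """\
192.168.0.0   255.255.255.0 192.168.0.1    15         LAN
192.168.1.0   255.255.255.0   0.0.0.0       1         LAN
"""


def parse(table):
    routes = []
    for line in table.splitlines():
        dest, mask, gw, hops, iface = line.split()
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            # A gateway of 0.0.0.0 means the network is directly connected.
            "gateway": None if gw == "0.0.0.0" else gw,
            "hops": int(hops),
            "iface": iface,
        })
    return routes


def lookup(routes, dst):
    """Return the most specific matching route, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


def audit(routes):
    """Report structural problems visible in the table itself."""
    findings = []
    if not any(r["net"].prefixlen == 0 for r in routes):
        findings.append("no default route (0.0.0.0/0)")
    if len(routes) > 1 and len({r["iface"] for r in routes}) == 1:
        findings.append("all networks on one interface: " + routes[0]["iface"])
    return findings


ROUTES = parse(TABLE)
```

With these rows, 192.168.0.x and 192.168.1.x destinations resolve, while an Internet address such as 203.0.113.7 matches no row, which is consistent with network browsing working and Internet requests timing out.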

RE: One-way traffic on network?

(OP)
Thanks - I do have a couple of old computers that I could use for that.

RE: One-way traffic on network?

(OP)
pansophic:

Just wanted to thank you for the info.  I got IPCop, loaded it on an old PII box, and it's working like a charm.

RE: One-way traffic on network?

Excellent!  I'm glad to hear it.


pansophic
