Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[placid]

A while ago I had a setup like this:

- cable modem connected to a wireless router (ip something like 192.188.1.1)
- Wired router connected to the wireless router (ip something like 192.168.10.1)
- pcs with wireless connectivity used the wireless router; regarded as less secure (more exposed).
- pcs with wired connections used the wired router; regarded as more secure.
- The two 'groups' of pcs do not need to connect directly
- not sure if I've used the term 'different subnets' correctly in the subject; but that's what I mean by 192.168.1.1 and 192.168.10.1)

So...I'm not a network guy but what I was told by those who knew a lot more was that having the two groups of pcs using different ip ranges made them relatively more isloated from each other. In particular, the pcs on the wired LAN were more isolated from 'hackers' on the internet.

Does anyone here know enough to say if this is a good model to continue with? I know it's not as simple but I would be willing to put up with the extra trouble if it helps with security.

[Squirrel2]

Personally, I find doing that to be a waste of time. There are times when you need to do something like this, but evading hackers isn't one of them.

Yes, the computers on the wired router have an extra degree of isolation from the internet. They also have a degree of isolation from the computers on the wireless router. This will affect file sharing for computers connected to different routers.

The extra degree of isolation does nothing for you once you get a virus or other malware (say, from something you downloaded yourself). At that point, as long as the computer can get to the internet, it's over.

[placid]

Thank you for the input. I'm new here, and would like to put your ideas into some context re your experience level. Are you really good with networks, or more of a 'just try to get the thing to work' level techie like I am (with networks).

Part of my perspective was formulated at a time when I was using smoothwall as my firewall. That's a bare bones linux distro that acts as a dedicated firewall on any old pc. It turned out to be too complicated for me to get working well so I reverted to units like the DGL 4500 or the linksys units that are out there. But those guys are really into network security and according to the view they hold, the subnet isolation is a key component. If you're 'wise' in the ways of networks, and you feel that the subnet isolation is not all that useful in the case I've described...that's good to know. I don't need extra complexity!

The reason it came up is that I have no been able to get the DGL 4500 to work well on the LAN side. As noted in another thread I started, it does not seem to allow pcs on a LAN to connect on ports other than 80. So far my forum topic, a bunch of PMs to dlink employees that spend time here on the forums, and a long phone experience with dlink on the phone have moved me exactly zero inches closer to a solution. So I thought - buy a dedicated wired router and a separate wireless router, let them handle the diff tasks well, and maybe get some addtl isolation into the bargain.

[Squirrel2]

I would say that I am a step (possibly two) above 'just try to get it to work'. I am by no means a networking expert.

If you would like, I can try to help you with your wired problems. I have no problems with computers communicating with each other on my network. I fix people's computers on the side, so I have worked with many machines. And my router has never failed to allow me to backup files over the LAN.

Send me a message over AIM or give me a PM if you are interested.