Home network setup -Wired & Wireless - is this possible???

tedward

Member
Dec 8, 2002
66
0
0
What I'd like to accomplish:

Using a single cable internet feed & one cable modem, I want to share the signal among 3-4 gigabit wired computers. One of these will be a file server, running WHS (Windows Home Server).

Now for the hard part: I'd also like to have wireless internet access available, but I don't want anyone using the wireless network to have access to any of the PC's on the wired network.

If this can be done, what's the best way to do this?

Thanks in advance for your help.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,200
126
That sounds like my setup. I have two routers, the "outer" (internet-facing) router is my Verizon-supplied Westell 327, a DSL modem/router/wireless device. I then have a (inner) Netgear wireless-N router, that has been flashed with DD-WRT, connected via the WAN port to one of the LAN ports of the Westell. I then have an 8-port Trendnet gigabit switch connected to a LAN port on the Netgear. All of my PCs (and eventually my printer) are plugged into the Trendnet.
I configured the outer router to set the inner router as the DMZ host. So all unsolicited internet traffic gets sent to the inner router, which has Upnp enabled. That way, my PCs on the LAN can open listening ports on the router.
I have the wireless on the outer router enabled, with SSID of "FREEINTERNET", and with no security configured. I have the inner router configured with WPA-PSK (AES), with a secure passphrase. That way, users can connect to the wireless on the outer router, and access the internet, but cannot access the machines on my LAN. Wireless users connecting securely to the inner router do have access to the wired LAN, as well as the internet.


I also have another identical Netgear wireless-N router, also flashed with DD-WRT. Both this and my other Netgear are configured for WDS mode, allowing me wireless LAN access, via the wired LAN ports on the other WDS router.

Edit: The routers all have static IPs too, that's important.
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
You are aware that having no security on your freeinternet wireless, you are liable if someone gets on that and is involved with illegal activities. This is your internet account that you are responsible for. The authorities don't care if you have free wireless, they will still investigate you if it's your account that's involved. Stupid if you ask me. Just my opinion though.
 

sourceninja

Diamond Member
Mar 8, 2005
8,805
65
91
You can also do vlans and virtual SSID's with dd-wrt so the second router is not a requirement.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
I do not know what exactly your plan is? As kevnich2 said you might be heading into trouble.

However if your Wireless part is going to be secure, and you want to isolate it from the wire.

Here is the solution, Network Segregation - http://www.ezlan.net/shield.html
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
This to the OP, If you get a router with DDWRT, you can actually create two separate wireless SSID's (add a secondary virtual wireless interface and separate it with a VLAN) with one piece of equipment. Your main SSID can have access to everything. If you have guests over, you can give them access to your secondary VLAN segregated SSID that only has access to internet (but still have WPA encryption on both SSID's, you NEVER want to have a wireless that has no encryption contrary to virtualarry's post). This way your guests don't have access to your other PC's but you can have your laptop on the other wireless and have full access to your entire network. This is how my setup is when I'm fixing or testing other PC's that I don't want to have access to my internal network. Just create another wireless virtual interface in DDWRT and put it on a separate VLAN and name it something like guest_wifi or something similar and enable encryption on it to keep away prying eyes.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,200
126
Originally posted by: JackMDS
Originally posted by: tedward
D-Link

I usually do not go with this Router but the current price ()$499.99) it is a very good deal.

I just had to click on it when I saw that price. Thankfully, the real price is only $49.99. Sorry Jack, you had an extra 9 in there. :p
 

tedward

Member
Dec 8, 2002
66
0
0
Originally posted by: JackMDS
I do not know what exactly your plan is? As kevnich2 said you might be heading into trouble.

However if your Wireless part is going to be secure, and you want to isolate it from the wire.

Here is the solution, Network Segregation - http://www.ezlan.net/shield.html


This is very helpful. So if I understand correctly, a gigabit router, like the D-link I linked to above should do the trick.

Is there a better alternative? Would a gigabit switch, plugged into my WRT54GS accomplish the same thing? Or does it have to be a router to have functionality that I listed in my OP.
 

tedward

Member
Dec 8, 2002
66
0
0
Originally posted by: JackMDS
A good Giga switch plugged into the Router would do well


So with this Giga switch, plugged into my WRT54GS, I will be able to:


Using a single cable internet feed & one cable modem, I want to share the signal among 3-4 gigabit wired computers. One of these will be a file server, running WHS (Windows Home Server).

Now for the hard part: I'd also like to have wireless internet access available, but I don't want anyone using the wireless network to have access to any of the PC's on the wired network.
 

Dravic

Senior member
May 18, 2000
892
0
76
The best way would be complete network separation. Most consumer routers are not set up to make this easy. Something like smoothwall or another firewall distro do this very easily, but require a free old computer.

my Smoothwall example:

1 smoothwall box - 3 nics

Green network = internal network
Red network = internet (fios)
Orange network = internet access, but no access to green network

I currently keep my fios STB?s on my orange network the fios default install router is terrible.

Green (192.168.x.x) ? personal network
|
|
v
Smoothwall - - > internet
^
|
|
orange (10.x.x.x) ---- network that is still firewalled and needs internet, but has no business on my personal network


My personal wireless is inside my green network for now (wpa2).. while I would like guests traffic (even the invited kind) to never be on my personal network, I don?t want to lose being on my personal network on my own wireless laptop (file transfers, lan gaming etc), and I would hate to have to set up a second wireless network in the house.