Shared printer --> two networks

[maxholer]

I have a problem with the network setup in my office:
- currently we have a modem from the ISP, plugged into a switch which then distributes the connections around (there are 6 windows PC's, two network printers and two NAS data servers)

- we have another company coming in to work on a project for a couple of months and I would like to give them the internet connection and access to the printers (everything wired)

- I do not want them to have access to other PC's in our network or the NAS drives

Is there a way to do this, have two separate networks sharing some parts of it?


Thanks.

 

[Fallen Kell]

Firewalls, Subnets, VLANs, and/or DMZs. It won't actually be two separate networks since to have sharing, you need to be one network. But you can restrict access to the networks with proper configurations. Probably the easiest is to have 3 different subnets/VLANs configured (your network, the other company's network, and the printer network). Have a computer with 4 network ports running something like pfSense to provide the firewall and routing rules between the 3 networks.

You then connect the pfSense box to the modem from the ISP on one of the network ports, have another network port go to a new switch which connects to the 2 printers (of if you have 5+ network ports on the pfSense box, another port on the box, but then you need to deal with another subnet with firewall/routing table rules), have another port go from the pfSense box to your current switch (which has all your other windows computers and NAS), and have the last port on the pfSense box connect to the switch which runs the other company's network (that is overly simplified, but that is the idea of the rules you will need to put in place).

Set firewall rules on the pfSense box such that your network can communicate with the printer network but the printer network can not communicate back to your network, that the other company's network can communicate with the printer network but the printer network can not communicate back to the other company's network, that the printer network can not communicate with the internet, and that neither your network or the other company's network can communicate with each other, and finally that your network and the other company's network can communicate with the internet.