Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Setting Up Firewall to block 10.10 adresses


  • Please log in to reply
7 replies to this topic

#1 Wado

Wado

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, MD
  • Local time:04:36 AM

Posted 13 August 2014 - 02:06 PM

I work at a Non profit and another non profit is going in downstairs. they have asked to share our network so I purchased a wifi router, Trendnet TEW-731BR. Our Modem/Router uses the 10.10 address system and allows us to share printers and files.

They will be putting their own network printer and file sharing on the Trendnet TEW-731BR set with a 192.168.xxx.xxx network.

I tested and found that I could access a printer and other devices on the 10.10 network from the 192.168 network. I want to setup a firewall or other whatever that gives them internet connection only and limits their network to the 192.168 addresses.

I want to secure the 10.10 network by sending the 192.168 network straight to the Web. How do I do this? 

 

Thank you,

Fred

 

P.S. I am thinking of this as a main network and a sub network. I want to send the sub network straight to the Web.



BC AdBot (Login to Remove)

 


m

#2 Kilroy

Kilroy

  • BC Advisor
  • 3,284 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:02:36 AM

Posted 13 August 2014 - 02:55 PM

I believe you need to set up three routers, this page (in the Three Routers for Two Isolated Sub Networks section shows you).  You connect one router to the ISP and  then connect the other two routers to that router in a Y configuration.  The two routers are used for your respective non-profits.  If you have devices that you need to communicate with from the Internet side you'll probably have issues.  As long as all communication is local with Internet access  you should be fine.



#3 Wado

Wado
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, MD
  • Local time:04:36 AM

Posted 13 August 2014 - 05:28 PM

I have a Cisco Wireless Router in Bridge mode giving wifi to us. I will put it in router mode and follow your advice.

 

Thanks Kilroy,

Fred



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 13 August 2014 - 05:28 PM

Shame you didn't ask the question before you purchased equipment.  You didn't need another router.

 

You have three options not including the three router setup;

 

Option 1: return the router and get a managed switch.  On the switch create two vlans with both having internet access.  Everyone would be the 10x network but based on ports their connections can not access your connections.  And there is no hack to get around it.

 

Option 2: run the internet to their router and then to yours.  This will secure your network but not theirs.

 

Option 3: make no changes to the network as it exists except to set each hosts software firewall to deny the 10x subnet.  Printer will still be available but none of your workstations would be accessible from the 192x network.

 

.


Edited by Wand3r3r, 13 August 2014 - 05:36 PM.


#5 Wado

Wado
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, MD
  • Local time:04:36 AM

Posted 13 August 2014 - 06:47 PM

I like where you are going Wand3r3r, but my budget is non existent. I needed the second Wifi anyway and it was less than $30 for the Trendnet with a 3yr warranty.

 

They will be all Wifi, putting their own network printer and file sharing computers on the Trendnet TEW-731BR set with 192.168.xxx.xxx network.

I use a Cisco Linksys E1200 in bridge mode with wired network printer and file sharing desktops. The wired network is a 10.10.XX.XX network managed by our Comcast Modem/Router that I do not currently have access to.

I want to secure the 10.10 network by sending the 192.168 network straight to the Web. Can I do that with a fire wall rule; like pointing their traffic to 10.10.0.1 only or blocking all 10.10.x but 10.10.0.1?


Edited by Wado, 13 August 2014 - 06:52 PM.


#6 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 14 August 2014 - 10:42 AM

A firewall rule would only apply if the traffic hit the firewall first which in your case it does not.

 

You should get Comcast to take their router out of bridge mode and then do a direct connect of both the 10x and 192x routers to it.  Then you will have your three router scenario.



#7 Wado

Wado
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, MD
  • Local time:04:36 AM

Posted 14 August 2014 - 03:28 PM

My original idea:

Comcast Modem/Router is 10.10

Cisco Wifi Router is in Bridge Mode.

Trendnet Wifi Router is 192.198 [I want to limit it's access to the default gateway only (10.10.0.1(internet))]

 

What it looks like my only option (as discussed here) is:

Comcast Modem/Router 10.10.0.1(Internet gateway)

Cisco Wifi 10.10.1.1 (My office router)

Trendnet 192.168.0.1 (Their office router)

Thanks for letting me pick you brains.

 

Fred



#8 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 15 August 2014 - 10:54 AM

Yep that will work.  Best of luck.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users