[SOLVED] Internet access with 2 subnets and 1 router

Oct 18, 2019
My home network is at 192.168.1.x.
I have a ‘special’ device which I’d like to isolate from all other local devices except for my pc which is on static ip 192.168.1.99.
I gave the special device static IP 192.168.2.2 and added a second static IP 192.168.2.99 to my PC. Communication between the special device and my PC is OK.

However, I’d like to allow internet access to the special device. I only have one router, which is at 192.168.1.1.
I know this can be achieved through VLANs, but I don’t have the proper hardware for it. Is this also achievable by modifying routing tables? If so, which modifications should I make on which devices?
 
Solution
You only partially isolated the device. There is nothing really preventing the device from changing its IP address and talking to any device on your network. There is also nothing preventing any other device from also using the trick of assigning a secondary IP. You still have all the broadcast traffic mixed together, which can be a risk.

As you have found, consumer routers are very limited in their abilities. They pretty much allow a single subnet to be translated to a single WAN IP. They have little ability to actually route traffic, even though consumers call them routers.

Not sure what you can do. What you have done is an extremely non-standard implementation, even if you had commercial equipment. All I can think of is that there might be some way to make your PC run something similar to ICS but between 2 IPs on the same interface. I don't think ICS supports that, but maybe there is other software.

Your best option would be to add a second NIC to your PC and plug the device in. This provides real isolation, and you could use ICS to allow the device to gain access to the internet via your PC.

Otherwise, you buy better equipment and do this the correct way.
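The second-NIC approach recommended above, worked through as an added example that is not part of the thread: this is the Linux equivalent of what ICS does on Windows, using nftables to forward and NAT the isolated NIC out through the home-LAN NIC while dropping anything from the device that is aimed at private address space. The interface names eth0 (home LAN, 192.168.1.99) and eth1 (isolated segment, PC at 192.168.2.1, device at 192.168.2.2) are assumptions; adjust them via the environment variables at the top. The script only generates and syntax-checks the ruleset by default; pass `apply` as the first argument on the actual host to load it.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layout:
#   eth0 = NIC on the home LAN, 192.168.1.99, default route via 192.168.1.1
#   eth1 = second NIC, 192.168.2.1/24, with the isolated device at 192.168.2.2
#           using 192.168.2.1 as its default gateway
LAN_IF="${LAN_IF:-eth0}"
ISO_IF="${ISO_IF:-eth1}"
ISO_NET="${ISO_NET:-192.168.2.0/24}"
PC_ISO_ADDR="${PC_ISO_ADDR:-192.168.2.1}"

# Emit the nftables ruleset on stdout. Forwarding is default-deny: the device
# may only open connections that leave via the home-LAN NIC to public addresses,
# so it can reach the internet but never another host on 192.168.1.x.
gen_ruleset() {
cat <<EOF
flush table inet isolate
table inet isolate {
  chain input {
    type filter hook input priority 0; policy accept;
    # The device may talk to the PC only on the PC's isolated-side address,
    # not on 192.168.1.99 (which would be reachable through the gateway).
    iifname "$ISO_IF" ip daddr != $PC_ISO_ADDR drop
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    # Replies belonging to connections the device already opened.
    ct state established,related accept
    # Block the device from reaching any RFC 1918 space through the PC,
    # which includes the home LAN behind $LAN_IF.
    iifname "$ISO_IF" oifname "$LAN_IF" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } drop
    # Everything else from the device going out the home-LAN NIC (the internet).
    iifname "$ISO_IF" oifname "$LAN_IF" accept
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    # Hide the device behind the PC's home-LAN address, as ICS would.
    oifname "$LAN_IF" ip saddr $ISO_NET masquerade
  }
}
EOF
}

# Count the rules that carry the isolated interface name; handy as a sanity check.
count_iso_rules() {
  gen_ruleset | grep -c "iifname \"$ISO_IF\""
}

# Syntax-check the ruleset without loading it (needs nft installed); returns
# 0 if nft is absent so the script is still usable on a host without it.
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    gen_ruleset | nft -c -f -
  else
    return 0
  fi
}

# Load the ruleset and turn on IPv4 forwarding. Run as root on the real host.
apply_ruleset() {
  sysctl -w net.ipv4.ip_forward=1
  gen_ruleset | nft -f -
}

case "${1:-}" in
  apply) apply_ruleset ;;
  "")    check_ruleset ;;
esac
```

The forward chain's default-drop policy is the actual isolation: whether the device renumbers itself, as the answer above warns it could, no longer matters, because the only path off the eth1 segment is through the PC, and the PC only forwards toward the internet.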
 
Solution
From a firewall standpoint, I don't like using IP rules for access. Another client can just change its IP to the one you are passing rules on. You want a client with that kind of access on its own VLAN, with access to that kept very secure. Your firewall can be set up to allow inbound access from that VLAN on the ports you use for access.

There are multiple ways of managing a server. If you are trying to get into homelabbing, there are many sites dedicated to it.