I have a hopefully interesting question. The setup is 1 office and 3 networks. Each network is for the same company, but they just want to keep them separate.
The networks are 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24. There is the main router, which is a Cayman (192.168.1.0), then NG1 (Netgear) (192.168.2.0) & NG2 (192.168.3.0).
All of the networks are supposed to be separate, but since NG1 & NG2 are behind the Cayman, their external IPs are on the same network (192.168.1.0).
And therefore all devices behind NG1 & NG2 can communicate with the main network (192.168.1.0) and vice versa, which is exactly what I don't want.
Does anyone have a good solution for this? I know there is a way, but I haven't come up with anything yet.
I'm assuming there must be some devices on the 1.0 network that those on the 2.0 and 3.0 networks need to communicate with - perhaps a server or firewall/router leading to the internet - otherwise you could achieve what you want by simply pulling out a couple of plugs. So I'm guessing what you want is for the machines on 2.0 and 3.0 not to be able to see everything on 1.0; correct me if I'm wrong. That being the case, you might be able to do something with VLANs, but I don't know if your equipment is VLAN-capable. Failing that, how about having a fourth network and placing on it just the resources that have to be shared by all (servers, internet gateway, etc.)? This could be 4.0. Then your 1.0, 2.0 and 3.0 networks could be set up to have access out to 4.0 but not to each other. I'm sorry to be a bit vague, but I'm making some big assumptions here as to what you are working with.
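The "fourth network" design in the reply above can be checked before anyone touches the office routers. The following is an added example, not code from the thread or from Firewall.cx: it models the three office networks plus an assumed 192.168.4.0/24 shared network, evaluates a first-match/default-deny rule list for a representative host on each network, and prints the reachability matrix for both today's setup (as the original poster describes it, everything reaches everything) and the proposed one. The sample hosts, the 203.0.113.10 address standing in for "the internet", and the iptables FORWARD rendering (which assumes a Linux box is doing the routing between the networks) are all assumptions for illustration; the model covers client-initiated flows only and assumes reply traffic is handled statefully.

```python
"""Model of the three-network split discussed in the thread.

Added example, not from the original post. The 192.168.4.0/24 "shared"
network, the sample hosts and the iptables rendering are assumptions.
"""
import ipaddress
from dataclasses import dataclass

IPNet = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    src: IPNet
    dst: IPNet
    allow: bool


def net(s: str) -> IPNet:
    return ipaddress.ip_network(s)


MAIN, NG1, NG2 = net("192.168.1.0/24"), net("192.168.2.0/24"), net("192.168.3.0/24")
SHARED = net("192.168.4.0/24")  # assumed: servers and the internet gateway move here
ANY = net("0.0.0.0/0")
RFC1918 = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]


def first_match(rules, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if src in r.src and dst in r.dst:
            return r.allow
    return False


# Today's setup as the poster describes it: the Cayman routes freely and
# NG1/NG2 sit on 192.168.1.0, so every office network reaches every other one.
CURRENT = [Rule(ANY, ANY, True)]

# Proposed: each office network may reach the shared network and the internet,
# but no other office network. Private-to-private is denied *before* the
# catch-all internet rule, otherwise 0.0.0.0/0 would let it through.
PROPOSED = (
    [Rule(n, SHARED, True) for n in (MAIN, NG1, NG2)]
    + [Rule(s, d, False) for s in RFC1918 for d in RFC1918]
    + [Rule(ANY, ANY, True)]
)

NAMES = {"main": MAIN, "ng1": NG1, "ng2": NG2, "shared": SHARED}
INTERNET_HOST = ipaddress.ip_address("203.0.113.10")  # TEST-NET-3, stands in for "the internet"


def sample_host(n: IPNet) -> ipaddress.IPv4Address:
    """A constructed representative host (.10) on each network."""
    return n.network_address + 10


def reachability(rules) -> dict:
    """Which (src, dst) pairs a client-initiated flow may take under `rules`."""
    out = {}
    for sname, snet in NAMES.items():
        for dname, dnet in NAMES.items():
            if sname != dname:
                out[(sname, dname)] = first_match(rules, sample_host(snet), sample_host(dnet))
        out[(sname, "internet")] = first_match(rules, sample_host(snet), INTERNET_HOST)
    return out


def to_iptables(rules) -> list:
    """Render the rule list as iptables FORWARD entries (assumes a Linux router)."""
    lines = [
        f"-A FORWARD -s {r.src} -d {r.dst} -j {'ACCEPT' if r.allow else 'DROP'}"
        for r in rules
    ]
    return lines + ["-P FORWARD DROP"]


if __name__ == "__main__":
    for label, rules in (("current", CURRENT), ("proposed", PROPOSED)):
        print(label)
        for (s, d), ok in sorted(reachability(rules).items()):
            print(f"  {s:>6} -> {d:<8} {'allow' if ok else 'deny'}")
    print("\n".join(to_iptables(PROPOSED)))
```

Running it shows the point of the design in one table: under PROPOSED, ng1 -> main and ng2 -> ng1 are denied while every network still reaches shared and the internet. The rule order matters; if the ANY -> ANY rule were listed first, the private-to-private denies would never be reached, which is the same mistake a router with a permissive default rule makes. Whether the rules can actually be applied depends on having a device that filters between its interfaces, which the thread notes the current routers may not be able to do.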
You are right that 1.0 is the main network and has their server/most of the workstations in the office. I would like 2.0/3.0 to only see the 1.0 gateway so they can get on the net. Other than that they should be blocked off completely. I'm pretty unfamiliar with VLANs... if there is a good article that you know, please give me the link. I'll look for some myself as well. But I don't think it matters in this case, because I'm certain that none of our routers are VLAN-capable.
Could I accomplish this with subnetting? And just set up static routes? I'm not too experienced with subnetting, and I think I'm going to set up a test network to try it out. I just don't know if this client would want to deal with it even if it did work.
Sounds like you could do it with subnets, but it will mean changes to the current setup and it might be tricky to maintain in the future. I think what you need here is to put together a document that explains:
1) Statement of the problem
2) Implications of the problem (impact of leaving it as it is)
3) Possible solution(s)
4) Benefit(s) of solution(s) (better security or whatever)
5) Implications of the solution(s) (cost, time, effort, support effort etc)
Then let the powers that be make a business decision. Their decision might well be to leave it alone; in which case it's an easier life for you. But if they do want to change things at least you'll have a mandate - and Firewall.cx at your disposal...