Posted: Tue Jun 09, 2015 2:59 Post subject: not even sure what to call this topology. Need search term
I want to separate my LAN into two different segments with two physical ddwrt routers behind the same modem. I find plenty of articles on multiple wlans but I want two physical subnets so I can have one more secure than the other.
Maybe there is a more efficient way to accomplish this:
I want one physical LAN segment to allow outbound traffic for my security cameras so I can view them anywhere. If that segment were compromised it would hopefully be separated from my second segment which would not allow any data to be served to the wan. This is where personal computers and devices would reside. I just don't like the idea of having an externally facing "server" on the same network as my personal information.
Can anyone help point me in the right direction or tell me what I should be searching for?
Is there a reason you want two different routers for this? You should be fine with separating the networks and some iptables magic. If you want the same - a secure and a non-secure - network (for example) on each of your two routers, you should take a look at VLANs.
No, I do not necessarily need two physical routers but thought that may be a bit more secure - correct me if I'm wrong.
I'm thinking of this as a layered approach in this way: WAN -> LAN1 (containing only an open port for my services needing served to the outside world) all others closed -> LAN2 behind LAN1. Essentially I'm imagining all traffic traveling through LAN1 and this would mean LAN2 would see LAN1 as the WAN? Am I overthinking this?
Also, I would assume that if someone were to compromise LAN1 through the open port and gain access to the router, they would still need to compromise the firewall on LAN2. Both LANs would have different authentication to the router.
I don't know much about security, but I would think that if both routers were wired modem to each router's WAN it would be pretty secure. However, I could be quite wrong. You probably need to research this outside of ddwrt as well.