Making secondary network invisible for primary network

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
Desperado17
DD-WRT Novice


Joined: 15 Apr 2021
Posts: 4

PostPosted: Thu Apr 15, 2021 16:46    Post subject: Making secondary network invisible for primary network Reply with quote
Greetings,

I'm a network newbie and I need some help to get the following scenario up and running:

I have a primary router that is also my cable modem. It provides internet access on a number of ethernet ports. One of these ports is connected to the WAN port of a Linksys e2000 router which forms my secondary/private network. It shares the internet connection provided by the primary router among its clients. The secondary router runs dd wrt.

Now the primary router/cable modem also provides a semi-public wifi network for my guests. What I want to do is to prevent any machine that is connected to the primary router via ethernet or wifi from seeing any machine in the secondary network or getting any other internal information from it. Nevertheless, the secondary network should still be able to use the internet connection provided by the primary router.

Can anyone tell me if and how I can achieve this with dd wrt configurations on the secondary router? Thanks!
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Thu Apr 15, 2021 17:03    Post subject: Reply with quote
If your E2000 is connected via it's WAN port to the primary router and is in default gateway mode and double NAT, then there is no way for any device on the primary network to connect to any device on the secondary network, especially if you disable uPnP like you should.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Desperado17
DD-WRT Novice


Joined: 15 Apr 2021
Posts: 4

PostPosted: Thu Apr 15, 2021 20:21    Post subject: Reply with quote
Thanks for you answer. Can you tell me how to check in dd wrt if all these things apply?
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1410

PostPosted: Thu Apr 15, 2021 22:48    Post subject: Reply with quote
did you change any settings on DD-WRT?

This is the default settings... you have to check your physical cable, but does DD-WRT have a WAN address under status->WAN and there is a different address on the status->LAN (including different subnet?) Ie if the WAN address is 192.168.1.xxx then the LAN needs to be something like 192.168.2.xxx (ie the bold numbers need to be different)
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Fri Apr 16, 2021 16:25    Post subject: Reply with quote
As @kernel-panic69 has indicated, there's no way for any device on the primary network to gain access to any device on the secondary network, due to the secondary router's firewall on the WAN.

However, this doesn't prevent a device on the primary network from engaging in *eavesdropping* via arp poisoning. Whether this is a worthy enough concern depends on the circumstances. In some cases, such as using your own router w/ a primary router provided by a third-party (e.g., a landlord), it *might* be. And it can be mitigated by using a VPN on the secondary router so all its traffic is encrypted as it traverses the primary network.

As described, if the OP's *real* concern is only the guest network on the primary router, that should normally be isolated from the private network on that same router. So perhaps the issue is moot.

Some of this stuff can be overkill given the circumstances. But just for the purposes of being complete, users need to be aware of *all* the potential risks.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum