Creating two networks - Page 3

Azmandius · 20-10-2008, 17:54

Quote:

Originally Posted by Uncle Peter

just run a cat5 patch from your office lan to a switch or hub in your cafe area and plug the cash pc and camera host into that.

What is a cat5 patch?

Graham M · 20-10-2008, 17:55

A network cable

Although to do a neat job you might want to put a socket at the end.

Uncle Peter · 20-10-2008, 19:23

Knocked up another quick diagram to show how it would be possible to implement a caching proxy with the 3 router solution. Other than the price of the hardware and some learning/configuration time, a linux OS and Squid are going to cost nothing. You can configure squid to run as a transparent proxy relatively easily so there's no manual configuration of browser settings required on the client side.

Proxy has 3x NICs, for example:

eth0 is WAN side and connects to the adsl modem
eth1 connects to the WAN interface of the office router
eth2 connects to the WAN interface of the cafe router

So even the WAN interfaces on your office and cafe routers are physically segmented but you can still control other traffic inbound/outbound such as SMTP and POP3 using the iptables access control rules on the proxy box.

Graham M · 20-10-2008, 19:55

That would work, but the Routers wouldn't need to be routers any more with that setup

popper · 20-10-2008, 20:15

it would if you didnt want to worry about that wireshark netmasking type snooping though, the full linux router/+caching proxy/+throttling setup is not going to stop that in a single router+2switch setup.

so thats why we have talked about the easy 3 (wireless)router/WAN-to-LAN NAT way all day, to keep it simple but effective for stopping cross lan section snooping for your average end user thinking about these free open community wireless sharing setups.

SMHarman · 20-10-2008, 20:42

I know it is a one off cost vs an ongoing cost but how about a second internet connection for the cafe?
That way cafe traffic will not impede the internet access of the office.

popper · 20-10-2008, 20:47

sure that would work too, but you just know your going to want to Multi-WAN Bond these two connections for better combined throughput from whatever side your on at the time if your paying for these two connections

about 30 minutes after you realise you can Bond them, thats when your head explodes

thinking about the rule sets your going to have to use to route packets for different protocols for best use of the connections seeing as their not end to end bonded with your (ISP)provider(s).

Uncle Peter · 20-10-2008, 20:57

Interesting to see everyone's ideas thrown into the pot

I hope the OP's head hasn't exploded yet

Azmandius · 21-10-2008, 10:46

Quote:

Originally Posted by SMHarman

I know it is a one off cost vs an ongoing cost but how about a second internet connection for the cafe?
That way cafe traffic will not impede the internet access of the office.

Interesting idea.
Worth taking into consideration.

Azmandius · 24-10-2008, 15:34

So after all the thinking i have decided before buying anything to do the minimum security setup with the hardware i have just to make sure i will be able to make it work.
If everything will go smooth i will go ahead and get something better for more security.
Here its the hardware i have now, and i would like to get something of it:

What would be the best connection architecture with it in order to give out free internet for dynamic IP but stop users from simple access of office computers? (office computers are on static IPs)
Thank you very much.

Graham M · 24-10-2008, 15:44

No you want the Hub in the Cafe connected to the top router in the Office and then the Office connected to another port on the same router as there is still a chance someone clever enough will be able to access the stuff on the office network - See my original Diagram.

altis · 24-10-2008, 17:27

There's some more help in the following link Eugen. How is the weather in Moldova at the moment?

http://mybroadband.co.za/vb/showthread.php?p=2173733

Azmandius · 25-10-2008, 12:48

Quote:

Originally Posted by altis

There's some more help in the following link Eugen. How is the weather in Moldova at the moment?

http://mybroadband.co.za/vb/showthread.php?p=2173733

Thank you

Weather is cold and wet, i'd call it London weather...
How's weather in your location?

popper · 25-10-2008, 14:38

i find it interesting that noone in that external thread included the simple 3 router way we have put forward, perhaps someone should post there and link back here.....so they can read up on it.

if buying the extra kit is a problem Azmandious, you do know you can just use any old PC,install 3 ethernet cards, and boot live router CD/USB2 stick and set it up as you require!

Azmandius · 27-10-2008, 12:45

Quote:

Originally Posted by popper

i find it interesting that noone in that external thread included the simple 3 router way we have put forward, perhaps someone should post there and link back here.....so they can read up on it.

if buying the extra kit is a problem Azmandious, you do know you can just use any old PC,install 3 ethernet cards, and boot live router CD/USB2 stick and set it up as you require!

Actually the true is that i will have to invest mon in order to have real simple and actual security, so the 3 routers way is the best so far.