
Resolved Securing a bridged network

Discussion in 'Security and Privacy' started by wildfire, 2010/12/03.

  1. 2010/12/03
    wildfire

    wildfire Getting Old Thread Starter

    Hi guys,

    I've kinda promised to do a neighbour a favour for a few weeks by allowing him to use my internet access until he gets his installed, the setup is as below.



    Modem <- Router 1 <- My systems
    ...........^
    ...........|--- Router 2 <- Neighbours systems


    Router 1 is a netgear wgr 614v9, router 2 is a netgear wgr 614v6. Both have been set up with WPA-PSK, not to broadcast SSID and limiting wireless connections to known MAC addresses (I retain control of both routers unless the neighbour physically resets router 2 - he has been explicitly told not to do this or the deal is off).

    I think I've done all I can regarding external unauthorised wireless access and although I do trust the neighbour not to abuse this setup I am concerned about his security on his PC.

    I'm quite comfortable ensuring my system is relatively secure (famous last words) but my ISP doesn't take too kindly to P2P sharing or worms (understandably). Before this setup goes live I'll do a thorough check on his laptop (the other system is a PS3) but after that I'll be relying mainly on him maintaining security.

    Both routers do however allow blocking of ports/services and I do understand this is only one other weapon but I'm hopeful that some people here can suggest the best port blocking setup to maintain his enjoyment of the net but limit my risks of p2p/worms etc.

    Just to confirm both routers are wired together but any other systems may be wired or wireless to the routers.
     
  2. 2010/12/03
    TonyT

    TonyT SuperGeek Staff

    I take that to mean that you strung a cat5 from your place to his. If so, then what I would do is connect the cat5 to port1 (not the WAN port) & disable the DHCP on his router. This way his router is used only as a switch and you can control his router and Internet use. Set his router LAN IP to 192.168.1.2 if yours is 192.168.1.1.
     
    Last edited: 2010/12/04

  4. 2010/12/03
    rsinfo

    rsinfo SuperGeek Alumni

    And don't forget to remove/password protect any shares [including printers] that you have. Since you would be on LAN, whatever you would be sharing could be available to him & vice versa.
     
  5. 2010/12/04
    TonyT

    TonyT SuperGeek Staff

    ...and for the time being, put a password on his router that ONLY you know.
     
  6. 2010/12/04
    ephemarial

    ephemarial Well-Known Member

    I’d be more comfy doing it a slightly different way.

    Hook his computer up to router 1.
    Put your system behind router 2.

    Router 2 WAN port connected to router 1 LAN port.
    Use different LAN IP for router 2.
    For example Router 1 has 192.168.0.1
    Router 2 has 192.168.1.xxx

    That way you’re hard firewalled.

    DHCP enabled on both routers.
    Password protect both.
    If he’s using wireless it has to be through router 1.
     
  7. 2010/12/04
    wildfire

    wildfire Getting Old Thread Starter

    Hi Tony/RSinfo.

    Yep those steps are already in place (I'm setting router 2 up here before I take it upstairs).

    ephemarial, perhaps I'm reading it wrong but wouldn't your setup leave us without internet access unless I run a second cable back down to my place?
     
  8. 2010/12/04
    ephemarial

    ephemarial Well-Known Member

    Nope - while doing him this favor you’re taking physical possession of both routers and simply feeding him a cable from router 1.

    modem ---> router 1 (run cable from lan port to his flat, house, apartment) ---- run cable from another lan port to router 2 wan port (you're taking his router) and placing it next to router 1 for simplification of wiring.

    hmmm is favor spelled favour across the stream er pond?


    ps- hookup is called cascading routers - can google it for some pics (linksys has some)
     
    Last edited: 2010/12/04
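
The difference between the two layouts proposed so far (router 2 as a plain switch on one LAN, versus router 2 cascaded behind router 1), as an added example that is not part of any post in this thread. It assumes both routers act as ordinary NAT gateways with no port forwarding or DMZ; the host names and host addresses are made up for illustration.

```python
import ipaddress

# Constructed model of the two layouts discussed in this thread. Assumption:
# each router is a plain NAT gateway with no port forwarding or DMZ, so it
# forwards connections started on its LAN side and drops unsolicited traffic
# arriving on its WAN side. Host addresses below are made up for illustration.
NET = ipaddress.ip_network

# segment -> segment its router's WAN port plugs into (None = the modem)
FLAT = {NET("192.168.1.0/24"): None}              # router 2 used as a switch
CASCADED = {NET("192.168.0.0/24"): None,          # router 1 LAN (neighbour)
            NET("192.168.1.0/24"): NET("192.168.0.0/24")}  # router 2 LAN (owner)

def segment_of(ip, topology):
    """Return the LAN segment that contains the address."""
    addr = ipaddress.ip_address(ip)
    for net in topology:
        if addr in net:
            return net
    raise ValueError(f"{ip} is not on any modelled segment")

def can_initiate(src_ip, dst_ip, topology):
    """True if src can open a connection to dst's private address."""
    seg = segment_of(src_ip, topology)
    target = segment_of(dst_ip, topology)
    # Traffic may climb out through NAT routers (LAN -> WAN) but never
    # descend into one (WAN -> LAN), so dst must lie on src's upward path.
    while seg is not None:
        if seg == target:
            return True
        seg = topology[seg]
    return False

def exposure(hosts, topology):
    """List every (source, destination) pair where source can reach destination."""
    return [(a, b) for a in hosts for b in hosts
            if a != b and can_initiate(hosts[a], hosts[b], topology)]

FLAT_HOSTS = {"owner-pc": "192.168.1.10", "neighbour-laptop": "192.168.1.20"}
CASCADED_HOSTS = {"owner-pc": "192.168.1.10", "neighbour-laptop": "192.168.0.20"}

if __name__ == "__main__":
    print("flat:    ", exposure(FLAT_HOSTS, FLAT))
    print("cascaded:", exposure(CASCADED_HOSTS, CASCADED))
```

In the flat layout each machine can open connections to the other; in the cascaded layout only the machine behind router 2 can initiate, which is the one-way protection the cascaded wiring provides.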
  9. 2010/12/04
    wildfire

    wildfire Getting Old Thread Starter

    Ahh, got you. Problem is he's wanting to use wireless too (PS3 and/or laptop) and the distance/construction involved negates connecting wirelessly to my premises.

    And yes, here it's favour/colour/neighbour etc ;)
     
  10. 2010/12/04
    ephemarial

    ephemarial Well-Known Member

    Then
    Outside of a 3rd router, or 2nd cable as you mentioned, you’ll have to rely on your software firewall.

    Scary
    Hope he’s a safe surfer.

    I’d also image my HD – just in case.

    Hope he appreciates what you’re doing.
     
  11. 2010/12/04
    wildfire

    wildfire Getting Old Thread Starter

    The safe surfing is the issue, hence the original requests re port blocking etc.

    Fortunately this is a new system, and can easily be restored to factory settings and other software installed within a matter of hours. My other laptop will be disconnected during this period.

    Let's just say he'll be reminded where the pub is as soon as this bloody snow clears up :)

    Thanks for the input guys, I'll mark this resolved but if anything else comes to mind let me know.
     
  12. 2010/12/04
    ephemarial

    ephemarial Well-Known Member

    Just 1 other thing – just thought of it.
    Check if your software firewall allows you to totally block a computer on your network.

    His router is just another computer far as your software firewall is concerned.
    See if it can block communication with the router's MAC address.
     
