1

I'm not very familiar with networking issues, but my current project requires me to create an environment in which I will have 2 clients, but client 2 cannot see where client 1 is connected to and with whom it is communicating. Client 2 is able to scan the network without me having the opportunity to stop him.

I want to make 2 separate networks, and I was wondering, what is the best way for me to do that?

Two options I've heard of are "Router Cascading" and "VLANs". What are the potential risks in using those to achieve my goal?

In addition, on client 1, I need to be able to port forward to receive incoming traffic. This open port cannot be seen by client 2. And client 2 should not be able to communicate with client 1 at all.

Rory McCune
kafka01
  • Need more detail: does client 2 have to be able to communicate with client 1? Does client 2 need to be able to communicate with all the nodes that client 1 can communicate with? Will a switch solve the problem? – schroeder Sep 17 '15 at 16:45
  • Also, what's with the modem you mention in the title, but nowhere in the text of your question? – Tilman Schmidt Sep 17 '15 at 16:58
  • Your additional details do not make sense and you did not supply all that I asked for. It looks like there is more context here that you are not supplying. To solve the problem *as stated*, I would simply disable the network card on client 2.... – schroeder Sep 17 '15 at 17:00
  • The idea is to use 1 modem/Internet access and create two separate networks from that. Client 1 and Client 2 do not need to communicate with each other and should not see each other, but every one of them needs to have access to the internet. I hope that clears it up. – kafka01 Sep 17 '15 at 17:30
  • Oh! You want to have 2 clients share an internet connection but isolate each client from each other. Is that right? – schroeder Sep 17 '15 at 19:30
  • Yes that is correct. – kafka01 Sep 18 '15 at 03:11

2 Answers

1

I can think of two ways offhand:

  1. Put client 2 on a guest network. That will separate the two clients while still allowing port forwarding to client 1.

  2. Use 3 routers. modem -> router1, then router1 -> router2 and router1 -> router3
    Anything plugged into either router 2 or 3 is effectively VLANed from the other. This will also allow you to assign a static IP to each router, and then port-forward from router1 to whichever router you have for client 1, and then set up that router's port forwarding as well. This is a bit convoluted but should do what you need. Additionally, anything else plugged into router 1 would be able to communicate with anything using either router 2 or 3.

Vilican
Simon
  • What about a single router, 2 subnets, and a forwarding rule? – schroeder Sep 17 '15 at 19:31
  • If you're going with consumer-grade routers, I don't recall ever seeing the option to have multiple subnets (except in the case of guest networks, which is essentially what that is). I imagine there's no limit to configuration options on enterprise equipment, but I can't speak from experience on using them. – Simon Sep 18 '15 at 12:32
  • You can use a wireless-enabled router and separate the wired and wireless into two VLANs. That would require one to be wired but not 3 routers. – Nikhil_CV Sep 22 '15 at 04:18
0

DHCP, 2 interfaces, set one set of subnet to one client, and the other to the next. Split by MAC address/subnet. Use a cheap low power machine.

munchkin
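
The approach in the last answer (one small machine, two LAN interfaces, one subnet per client), sketched as an added example that is not part of any answer above. It assumes the machine runs Linux with nftables; the interface names, client address and port are placeholders supplied by the caller, and DHCP server setup is left out.

```shell
#!/bin/sh
# Added illustration, not from the thread. Assumes a Linux router with nftables.
# Prints a ruleset for one WAN uplink, two isolated LAN interfaces, and one
# TCP port forwarded from the WAN to client 1 only. All names are placeholders.
# IPv4 forwarding (net.ipv4.ip_forward=1) must be enabled separately.
isolation_ruleset() {
    [ "$#" -eq 5 ] || { echo "usage: isolation_ruleset WAN LAN1 LAN2 CLIENT1_IP PORT" >&2; return 2; }
    wan=$1 lan1=$2 lan2=$3 client1_ip=$4 port=$5
    # Refuse inputs that would silently defeat the isolation.
    [ "$lan1" != "$lan2" ] && [ "$lan1" != "$wan" ] && [ "$lan2" != "$wan" ] ||
        { echo "interfaces must be distinct" >&2; return 2; }
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    cat <<EOF
flush ruleset
table inet isolate {
  chain input {
    type filter hook input priority filter; policy drop;
    iifname "lo" accept
    ct state established,related accept
    # LAN clients may only use the router itself for DNS and DHCP
    iifname { "$lan1", "$lan2" } udp dport { 53, 67 } accept
    iifname { "$lan1", "$lan2" } tcp dport 53 accept
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    # Explicit isolation, placed first so no later rule can override it
    iifname "$lan1" oifname "$lan2" drop
    iifname "$lan2" oifname "$lan1" drop
    ct state established,related accept
    iifname { "$lan1", "$lan2" } oifname "$wan" accept
    # Only connections DNATed below may enter, and only towards client 1
    iifname "$wan" oifname "$lan1" ct status dnat accept
  }
}
table ip nat {
  chain prerouting {
    type nat hook prerouting priority dstnat;
    # Match only traffic arriving on the WAN side; LAN-side packets are never DNATed
    iifname "$wan" tcp dport $port dnat to $client1_ip:$port
  }
  chain postrouting {
    type nat hook postrouting priority srcnat;
    oifname "$wan" masquerade
  }
}
EOF
}
```

Review the output, then load it as root with `isolation_ruleset wan0 lan1 lan2 192.168.10.2 8443 | nft -f -` from a local console, since `flush ruleset` and the drop policy on the input chain cut off remote management of the router.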